#dev 2017-02-03

2017-02-03 UTC
KartikPrabhu, KevinMarks and tantek joined the channel
#
stream.jaduncan.com edited /Google_Buzz (+66) "Apparently Buzz links have died." (view diff)
KevinMarks, KartikPrabhu, miklb, KevinMarks_, miklb_ and tantek joined the channel
#
@aaronpk @shellen Drafty looks great! I'd love if it supported Micropub so it could post directly to my website! https://www.w3.org/TR/micropub/ (twitter.com/_/status/827400324780417025)
KevinMarks, tantek, cweiske, miklb_ and miklb joined the channel
#
petermolnar is anyone using this for image alt generation? https://cloud.google.com/vision/
#
cweiske I don't
#
petermolnar.net edited /POSSE (+320) "POSSE git repositories" (view diff)
#
jeremycherfas.net edited /grav (+193) "Added RSS section --~~~~" (view diff)
#
Zegnat I am not sure any robot could create a proper alternative textual representation of an image, petermolnar. Even a description would still need to fit in the flow of the surrounding content, IMHO, and that isn’t taken into account there.
#
petermolnar Zegnat I don't believe in "AI" (current buzzword context) at all; these are relatively simple, trained neural networks, but for image without any usable alt text, this can be quite useful.
#
petermolnar I have stories with all my photos but I never really described the photo itself
#
petermolnar eg. https://petermolnar.net/beddgelert/ - there is no _replacement_ like alt text which says, for example "hills in sunset with clouds in the sky in Beddgelert"
#
Loqi Beddgelert https://petermolnar.net/files/beddgelert_b.jpg
#
petermolnar whereas this is what alt text should be
#
Zegnat I am not sure if that picture needs a textual alternative. The post does not lose any content if the image was hidden. Just describing the exact features on the picture sounds more like a longdesc usecase.
#
Zegnat BTW, petermolnar, I have been wanting to ask: does your webserver add the domain watermark to the corners or do you do that yourself before publishing?
#
petermolnar it's automatic
#
petermolnar https://github.com/petermolnar/petermolnar.net/blob/master/src/img.py#L164
#
petermolnar the steps:
#
petermolnar 1, I detect if the image is my photo based on exif values
#
petermolnar 2, I check is there is a watermark file
#
petermolnar 3, check if the image is jpeg
#
petermolnar 4, is all true, auto-size the fairly large, transparent png watermark file and composite it on top of the image before downsizing
#
petermolnar 5, start downsizing
#
petermolnar I had a similar solution for wordpress as well, but that was a plugin + a theme function combined as: https://github.com/petermolnar/wp-resized2cache/blob/master/wp-resized2cache.php + https://github.com/petermolnar/petermolnar.eu/blob/master/classes/image.php#L21
#
petermolnar the trick is that the watermark is a transparent png with special font and stuff
#
petermolnar http://www.dafont.com/gara.font
#
petermolnar but you could do without a font, using imagemagick to write
#
Zegnat So you have previously created a watermark image, rather than writing text straight onto the JPEG photo. Gotcha.
#
petermolnar yes; writing with transparency and special font sucks, so this is easier
#
petermolnar but if you want a simple text, no transparency, no special font, just use writing
#
petermolnar which language should I link solutions for?
#
petermolnar for python, there is wand: http://docs.wand-py.org/en/0.4.4/guide/draw.html#texts
#
Zegnat Just general question, I am not working on implementing any watermarks myself right now.
#
Zegnat My blog doesn’t support images at all, as it stands :p
#
petermolnar note to self: don't look at code you written 10 years ago. It hurts. ( I'm trying to find the first iterations of auto-watermarking on upload out of curiosity. )
#
petermolnar written/wrote
#
petermolnar ( my god, opening ~6 files from ~ 2007, first my eyes are bleeding because badly written php4, second I've spotted at least a hundred ways to sql injection points immediately. A lot has changed since.)
#
Zegnat The world was a better place 10 years ago, less automated injection tools scrawling the internet ;)
#
petermolnar yeah... 147 blocks from fail2ban yesterday, and now I'm blocking every violator ip for a complete day
#
petermolnar most of them are trying to get into wordpress instances by bruteforcing their way
#
petermolnar yesterday was particularly awful to be honest, it looks like a new botnet knocking on wordpresses
#
Zegnat It is an enormous bullseye you paint on yourself when using WordPress, apparently.
#
cweiske yesterday was the 0day that allowed anyone to access the WP rest API
#
cweiske s/0day/vulnerability/
jonnybarnes joined the channel
#
petermolnar I have the "Disable REST API" plugin active on all sites, it may have prevented some nastiness, but now I'm checking all my "hosted" sites ( friends & family, yay )
#
petermolnar (zfs snapshots are also useful in this case)
#
cweiske for the db?
#
petermolnar I have a few rules in nginx that prevents basic sqli and stuff
#
petermolnar so most of those attempts never reach wordpress at all
#
petermolnar all looks clean, I'm guessing this was luck playing here
#
Zegnat What was the vuln, cweiske? Got a link?
#
Loqi It looks like we don't have a page for "vuln, cweiske" yet. Would you like to create it?_H
#
cweiske https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
#
cweiske the wordpress developers downplayed the severity of the issue they fixed with 4.7.2
#
petermolnar I wasn't paying attention to sucuri but reading their stuff is impressive, well structured, I'm getting to like them
#
Zegnat Thanks for the link cweiske, reading it through. Looks like a pretty big "woops"
#
petermolnar oh, fekin' hosts file; I've moved the wp instances from separate lxc containers to a single one and I forgot to change the hosts file, so the wp-cron http calls never reached them
#
petermolnar damn
#
petermolnar One, dubbed a WordPress pingback attack [...] large number of servers to simultaneously fetch [...] able to block it, because each querying machine broadcast a user agent that contained the words "WordPress pingback," (from: https://arstechnica.com/security/2017/02/how-google-fought-back-against-a-crippling-iot-powered-botnet-and-won/ ) question: should webmentions have a similar user agent recommendation/restriction ?
#
petermolnar I know about vouch but many haven't implementet that yet
#
Zegnat I am not sure defining a useragent in-spec makes sense. Though it is not a bad idea to send a UA along, plenty APIs ask for those so they can keep consumers apart.
singpolyma and miklb joined the channel
#
@dictvm I’m especially interested in talking about POSSE but I’m in no mood to fiddle with IndieAuth right now. There’s too much else to do. (twitter.com/_/status/827544173096075264)
#
@kartik_prabhu @dictvm POSSE and Indieauth are pretty much independent. I just POSSEd this reply (using Bridgy) but don’t have Indieauth on my site. (twitter.com/_/status/827553678584377345)
tantek, kants, rhiaro, petermolnar, KartikPrabhu, bear and KevinMarks joined the channel
#
@npdoty @jeffreycwitt @csarven is @SocialWebWG working on both WebMention and Linked Data Notification? Do they interoperate? (twitter.com/_/status/827590636442312704)
KevinMarks, KartikPrabhu and tantek joined the channel
#
aaronparecki.com edited /Accelerated_Mobile_Pages (+206) "/* Criticism */" (view diff)
#
tantek how's the newsletter looking this week?
#
vanderven.se martijn edited /events/2017-02-08-homebrew-website-club (-32) "/* West Europe */ Add location for the Netherlands." (view diff)
#
tantek.com edited /Events (+114) "update confirmed locations for next HWC" (view diff)
#
seblog.nl edited /events/2017-02-08-homebrew-website-club (+260) "RSVPs for The Netherlands" (view diff)
#
tantek.com edited /Events (+132) "/* How To Add An Event */ more details, add a step" (view diff)
#
tantek Zegnat - here's my notes on what I think we do for most events https://indieweb.org/Events#How_To_Add_An_Event
#
Zegnat tantek++
#
Loqi tantek has 3 karma in this channel (317 overall)
#
tantek.com edited /events/2017-02-08-homebrew-website-club (-402) "remove backcompat nested vcard adr microformats, fix some abbr/span markup, add abbr titles where missing, generalize to 17:30-19:30 by default since most meetups doing that now" (view diff)
#
tantek.com edited /events/2017-02-08-homebrew-website-club (+0) "alpha-sort RSVP cities to try that out" (view diff)
#
tantek looking better in pin13
singpolyma joined the channel
#
loqi.me edited /safe_replies (+96) "/* See Also */ new section" (view diff)
#
tantek ^^^ aaronpk looks like Loqi added the See Also to a redirect page!
#
aaronpk urgh mediawiki redirects are hard
#
aaronpk aha i see the problem
#
aaronpk the API i'm using doesn't know when a page is a redirect!
#
aaronpk https://indieweb.org/wiki/api.php?format=json&action=parse&prop=sections&page=next-hwc
#
aaronpk there's a separate endpoint that resolves the redirect so i can check that first
#
aaronpk aha this is good
#
aaronpk safe replies << http://tantek.com/2017/034/b1/indie-microblogging-hits-stretch-goal-indieweb
#
Loqi ok, I added "http://tantek.com/2017/034/b1/indie-microblogging-hits-stretch-goal-indieweb" to the "See Also" section of /Safe Replies
#
loqi.me edited /Safe_Replies (+79) "aaronpk added "http://tantek.com/2017/034/b1/indie-microblogging-hits-stretch-goal-indieweb" to "See Also"" (view diff)
#
Loqi [Tantek Çelik] Indie Microblogging Kickstarter Micro.blog Hits Goal & Stretch Goal For Safe Replies! #indieweb
#
aaronpk \o/
#
tantek aaronpk++
#
Loqi aaronpk has 32 karma in this channel (1203 overall)
#
tantek wow look at this recent twitterfight that js;dr inspired! https://twitter.com/dennisl/status/816272982834298880
#
@dennisl js;dr = JavaScript required; Didn’t Read http://bit.ly/2iQZjep by @t #js #webdev (twitter.com/_/status/816272982834298880)
#
tantek Irony: all the JS-required-for-content apologists are posting on a silo where the permalinks do not require JS to display the content
#
tantek aww never gotten this emoji before on a link to one of my posts on Twitter! https://twitter.com/clochix/status/817019741072138240
#
@clochix “if it’s not curlable, it’s not on the web (…) All your fancy front-end-JS-required frameworks are dead to history” ?http://tantek.com/2015/069/t1/js-dr-javascript-required-dead (twitter.com/_/status/817019741072138240)
#
aaronpk That's a fascinating example of a quote-of plus reacji post!
#
tantek whoa
#
tantek LOLOLOL just discovered http://www.jsdr.org/ (not my domain)