#dev 2017-02-13

2017-02-13 UTC
miklb and KevinMarks joined the channel
#
GWG
miklb: Did I miss you again?
#
Loqi
misses you again? too
#
GWG
Loqi, will you be my valentine?
#
GWG
I was curious if Loqi would respond to that.
KartikPrabhu, tantek, KevinMarks and [kevinmarks] joined the channel
#
[kevinmarks]
Crazy ideas?
#
GWG
What crazy ideas?
#
GWG
My crazy idea about what to build.
#
GWG
Or me testing how crazy Loqi's answers can be.
#
GWG
I shouldn't play with Loqi's affections.
#
GWG
Loqi must have called his friends. I'm being boxed in by my vacuum robot
#
miklb
GWG I'm back
#
GWG
miklb: I was wondering what would be thought of a plugin that can be called by Post Kinds, Semantic Linkbacks, etc and would return parsed jf2 to be used to enhance comments and such. Sort of an x-ray for WordPress
#
miklb
I'm not 100% familiar with x-ray, but I love what aaronpk post for one of 100days for reposts and contexts
#
miklb
so I would be fully be onboard for something that moved the needle closer to something like that. And would contribute what ever I could to help
#
GWG
x-ray is just his service that takes a URL and returns a nicely parsed object you can use to build your response
#
miklb
I'm all for having as much data as possible to work with
#
GWG
But, since I was using aaronpk's x-ray code to enhance my code, it occurred to me I could go in that direction
#
GWG
The problem is that WordPress is horrible about dependencies.
#
GWG
But I may do some more work in that area. I want to dedeplicate POSSEd copies and the the original. Which requires extending Syndication Links to comments and supporting figuring out that it is a dupe.
#
miklb
so you need to figure out how to have a dependent library that multiple plugins could rely on, without packaging it as a plugin or putting it in each individual plugin? Am i following?
#
GWG
Well, I could package it as a plugin that uses the REST API or the older admin-ajax service to allow the frontend or other plugins to query it.
#
GWG
So, if it isn't there, the plugin would fall back on something else, but still...
#
miklb
I would be intrigued to see REST API integration there
#
GWG
miklb: The webmention plugin uses the endpoint infrastructure code without being REST.
#
GWG
Aaron Jorbin mentioned to me at IWC NYC 2 that the infrastructure could be used without using the full REST stuff. That made it more intriguing, because you can build any sort of API and there are all sorts of core functions to enhance it.
#
miklb
I still need to read the webmention plugin code.
#
GWG
I did the initial rewrite of Webmentions to use the infrastructure. I know snarfed thinks I want to rewrite the Micropub plugin in same, but it isn't at the top of my list.
#
GWG
I know the advantages.
#
GWG
If we wrote an authentication plugin for the API infrastructure to use Indieauth, it could be used by any REST API endpoint, not just Micropub.
#
GWG
And so on.
#
GWG
But not enough people are using everything to justify it now, and there are more basic things to work on
#
miklb
+1 to indieauth authentication for API
#
GWG
miklb: I'm not sure I'm going to put that at the top of my list.
#
GWG
I think the plugins I have need some continued love before I try something new.
#
GWG
Even if I do split/rework parts of them
#
miklb
I'm going to be diving deep into rest api here very soon, and authentication is one of the things I'm concerned about, so I'll be putting a lot of thought there
#
GWG
miklb: Need some resources?
#
GWG
Which adds JWT Authentication to the REST API
#
GWG
Here is the Basic Auth plugin - https://github.com/WP-API/Basic-Auth
#
GWG
That should be enough to show how to add authentication to the REST API using something else. There is also an OAUTH 1 plugin
#
miklb
I've looked at the oath1 and basic
#
miklb
the jsw looks interesting
KevinMarks joined the channel
#
miklb
er, jwt
tantek joined the channel
#
GWG
It even has a token endpoint.
#
GWG
miklb: What do you think about the idea of Syndication Links extending into comments?
#
miklb
at face value sounds good. I haven't gotten too far with comments yet, due to lost posts/lack of posts w/feedback. But working towards them, and want them to be as robust as possible
#
GWG
Well, Semantic Linkbacks is something that there is controversy about
#
miklb
how so?
#
GWG
People don't usually, joining the community, realize that the cool display stuff comes from it over Webmentions.
#
GWG
Webmentions is just the low level plumbing
#
miklb
ah, so the discuss is should the webmention plugin carry more front end fuctionality?
#
tantek
GWG, similarly, people would confuse Pingbacks with the display of Pingbacks
#
tantek
this is not an unreasonable expectation
#
GWG
Yes
#
tantek
that is, people can be expected to *expect* that a plugin always does something visible
#
tantek
instead of "just" being plumbing
#
GWG
But I sort of agree with pfefferle's primary reason for separating them, and would seek to fix it as a requirement for merging them
#
tantek
so I will continue to advocate for the presentation of comments, likes, reposts etc. to be bundled into the Webmentions plugin
#
tantek
could you restate that primary reason?
#
GWG
The implementation is a bit 'hacky' was what he said the last time I asked him
#
GWG
A lot of the stuff I worked on over the summer with the webmentions plugin and several tickets into WordPress itself was to make said implementation less hacky.
#
GWG
When pfefferle wrote the original version, he had no better way to accomplish the goal.
#
GWG
There still are major things missing on the WordPress side
KevinMarks joined the channel
#
GWG
For example, WordPress allows custom comment types like Webmention, but doesn't support them
#
miklb
you mean like, "here, you can create this thing, but don't expect us to do anything with it"?
#
GWG
Some big WordPress contributors are interested. But they are focused elsewhere.
#
GWG
so, they put together a Github repo which got a README...and nothing else.
#
GWG
The lack of registered support creates issues when you try to display webmentions if the theme doesn't support them. You basically have to take over large portions of system functionality.
#
GWG
miklb: I saw you forked my old Semantic Comments plugin?
#
miklb
yep. I do want some semblance of facepiles, so looking over that plugin, looked like a good place to start.
#
GWG
It's a bit of a mess.
#
GWG
It was the first thing I created.
#
GWG
Basically, it allows for taking over the comment generation at three different levels.
#
miklb
the thinking is solid though
#
GWG
The MF2_S comment walker is another example of it
#
GWG
It takes over comment generation without overriding the theme template.
KevinMarks joined the channel
#
GWG
So, back to the Linkbacks issue...so, the decision was to retain one webmention comment type called...webmention.
#
GWG
The types such as 'like', 'rsvp', etc were subtypes.
#
GWG
reply was decided to be the default 'comment' type.
#
miklb
I would need to think that through before I would have an opinion on the subtype route
#
GWG
That is one decision that might be worth revisiting in a rewrite.
#
GWG
It has cons though.
#
GWG
What I am thinking about if which pieces of Semantic Linkbacks could move over to webmentions. One by one.
#
miklb
is there already a github issue for that dicussion?
mblaney joined the channel
KevinMarks and [kevinmarks] joined the channel
#
[kevinmarks]
I'm thinking that jf2, rather than being a "cleaner mf2" would make more sense as a uniform encoding of an xray/post types/authorship parsing
#
GWG
[kevinmarks]: What usage are you suggesting?
#
[kevinmarks]
If the various webmention handlers could rely on a common format that implements the more content aware parts of post types/authorship etc
#
[kevinmarks]
I have the feeling that we are all evolving in parallel a set of heuristics for "what does this url mean in this context"
#
[kevinmarks]
Which is a different problem from "what does this page generally represent?"
#
GWG
Interesting idea
#
GWG
puts on tantek hat
#
GWG
How do we document that idea?
#
[kevinmarks]
We look at the various json outputs from webmention.io webmention.herokuapp.com xray semantic link backs
#
[kevinmarks]
In a way unmung.com is me doing this in a series of crude approximations
#
GWG
Semantic Linkbacks doesn't do any json output
#
miklb
it consumes the output?
#
GWG
It generates and consumes. It doesn't do anything intermediate
#
GWG
miklb, if you are interested, look at it and in the Indieweb organizational repo, php-comments
#
GWG
I tried a theoretical rewrite of it with php-comments at the center of it.
#
[kevinmarks]
I feel like we are all doing variations on this theme
#
GWG
Yes, so what if in addition to parsers in each language we had this layer as a library?
#
GWG
Wouldn't that be the sensible thing?
#
aaronpk
only once the general idea is more stable
#
GWG
aaronpk, agreed, but how do we get there?
#
aaronpk
iteration!
#
aaronpk
and more use
#
GWG
aaronpk, I am iterating...well, piggybacking on your iteration, but close enough.
#
aaronpk
yep definitely
#
GWG
But the point is still well taken that if we are all looking to make it easier to go from full mf2 to something simpler to integrate, there is room for shared work
#
GWG
It sounds like something to talk about at an IWC
KevinMarks joined the channel
#
miklb
GWG might be a good argument to keep semantic linkbacks as its own plugin then
#
GWG
miklb: It isn't merging any time soon anyway.
KevinMarks, KevinMarks_, KevinMarks__, cweiske, tantek, loicm, wdfwefewvfgew and arush joined the channel
#
petermolnar
GWG, a sidenote: I ended extending https://github.com/vrypan/webmention-tools - essentially it's doing xpath like lookups with Beautifulsoup instead of complete mf2 parsing, so for targeted parsing it might be simpler that traditional, complete mf2 parsing
#
petermolnar
I also thought to run https://github.com/n1k0/readable-proxy/ to pull in content / stuff from pages without mf2 markup, but I didn't yet started doing it
arush and [dgold] joined the channel
#
petermolnar
is anyone here running their own sms gateway with gammu-smsd? I'm having some interesting issues with it
#
petermolnar
nevermind, gammu fixed, /me has indie-sms-gateway now \o/
#
cweiske
do you use a spare phone + sim card for that?
#
petermolnar
nope. I'm using my former laptop, a T400 as home server, it has a 3g modem inside
#
petermolnar
but sim card is needed, indeed
#
petermolnar
the reason for doing it is that I want something to alert is a, internet is down, b, power is down
#
petermolnar
since it's a laptop, I can monitor both, and the battery lasts long enough to send an sms before going down
#
petermolnar
the flat we're renting is electricity-only, so if there's no power, there's no heating, which is not fun if you're away for a few days
#
petermolnar
didn't happen yet, thankfully
#
petermolnar
touches wood
KevinMarks joined the channel
#
Zegnat
We've had that happen in Sweden. No electricity means no heating, no cooking, and no water.
arush1 and sebsel joined the channel
#
@Inkwater_Masha
3 Legal Issues Journalists Face – and How to Avoid Them http://www.fullsailblog.com/nmjma-legalissuesinjournalism?platform=hootsuite #selfpub #indieauth #writetip
(twitter.com/_/status/831145978166128642)
singpolyma, rMdes_, rMdes and arush joined the channel
#
aaronpk
petermolnar: wow I've thought about setting up an SMS gateway ages ago and gave up and then Twilio launched and solved my more immediate problem
#
petermolnar
aaronpk I need a fallback when there's not internet connection at home
#
petermolnar
so online services won't solve this :)
#
aaronpk
Makes sense
#
petermolnar
that is essentially the alert scenario: home server running from battery instead of ac and local network down
#
petermolnar
s/and/and\/or
singpoly1a joined the channel
#
petermolnar
actually, I have an 56k modem in that machine, I could initiate a backup dialup when the broadband goes does, but I don't think I want to do that :D
arush, miklb and tantek joined the channel
#
loqi.me
created /Open_Source_Bridge (+192) "prompted by tantek and dfn added by tantek"
(view diff)
#
loqi.me
created /OSBridge (+31) "prompted by tantek and dfn added by tantek"
(view diff)
#
loqi.me
edited /Open_Source_Bridge (+63) "/* See Also */ new section"
(view diff)
#
loqi.me
edited /Open_Source_Bridge (+19) "tantek added "/webactions#2012" to "See Also""
(view diff)
#
loqi.me
edited /Open_Source_Bridge (+25) "tantek added "[[2012/Open_Checkins]]" to "See Also""
(view diff)
#
tantek.com
edited /2011 (-26) "linky OSBridge"
(view diff)
gRegorLove and KevinMarks joined the channel
#
GWG
Afternoon
[eddie] and snarfed joined the channel
#
snarfed
got an HTTP 418: Unknown response from the flickr API just now :/
#
Loqi
snarfed: GWG left you a message 4 days, 6 hours ago: Would Bridgy Publish recognize a link in the header or outside of e-content?
#
snarfed
(GWG: yes)
cweiske and KevinMarks joined the channel
#
snarfed
(flickr's API is silly in general with HTTP response codes. they literally return 400 sometimes when they're down. :P https://github.com/snarfed/webutil/blob/d7200c4db9aff362e0838e6ec5f18a535a7fc18f/util.py#L856 )
snarfed, snarfed1, [jeremycherfas], KevinMarks, tantek and KartikPrabhu joined the channel
#
@Sebsel
How I hacked my own site by feeding it a profile picture via webmention https://5eb.nl/4mq3
(twitter.com/_/status/831269220667240449)
tantek joined the channel
#
Loqi
sebsel has 3 karma in this channel (16 overall)
#
Loqi
[Sebastiaan Andeweg] How I hacked my own site by feeding it a profile picture via webmention
#
tantek
worthy of adding to Webmention security considerations?
#
tantek
aaronpk?
#
aaronpk
isn't it a bit late for that? :)
#
tantek
errata!
#
tantek
and being informative (non-normative) - it may be eligible for a no-review proposed edited recommendation :)
#
aaronpk
we mention XSS and CSRF explicitly in the security considerations. what type of attack is this?
#
sebsel
oh thanks tantek, I'm flattered :) (this was my first hack)
#
Loqi
sebsel: KevinMarks left you a message 1 day, 23 hours ago: look at silo.pub for twitter login
#
sebsel
isn't this called remote code execution?
#
sebsel
looks at silo.pub
#
sebsel
!tell KevinMarks Oh thanks! I actually already implemented a Twitter login on my site before I saw your message :)
#
Loqi
Ok, I'll tell them that when I see them next
#
sebsel
In a way, this is worse than XSS or CSRF, because those two are on the client side, and here you run code on the server, so you can do anything with it.
#
sebsel
this also makes it less specific to webmention, I guess, and more related to user input validation
#
aaronpk
i think the key thing here is to remind people to treat everything they get from fetching a page from webmention as user input
#
aaronpk
and then all the typical user input sanitization stuff applies as normal
#
sebsel
yeah!
#
tantek
aaronpk, I'd say what sebsel identified is far from "typical"
#
tantek
and worth providing as an explicit example
#
aaronpk
if you ever handle uploaded files from users you have to take those same precautions
#
aaronpk
an explicit example in this case is probably good because images are such a key component of displaying useful webmentions, but i'm trying to generalize this into a recommendation so that it can be more than just listing specific attacks
#
sebsel
yes, I don't show html at the moment, but embedded images would follow the same rules
#
sebsel
it's good to note that they are files and need to be handled with care