2017-02-13 UTC
miklb and KevinMarks joined the channel
# 01:16 GWG I was curious if Loqi would respond to that. KartikPrabhu, tantek, KevinMarks and [kevinmarks] joined the channel
# 01:45 GWG My crazy idea about what to build. # 01:46 GWG Or me testing how crazy Loqi's answers can be. # 01:46 GWG I shouldn't play with Loqi's affections. # 01:48 GWG Loqi must have called his friends. I'm being boxed in by my vacuum robot # 01:58 GWG miklb: I was wondering what would be thought of a plugin that can be called by Post Kinds, Semantic Linkbacks, etc and would return parsed jf2 to be used to enhance comments and such. Sort of an x-ray for WordPress # 01:59 miklb I'm not 100% familiar with x-ray, but I love what aaronpk post for one of 100days for reposts and contexts # 01:59 miklb so I would be fully be onboard for something that moved the needle closer to something like that. And would contribute what ever I could to help # 02:00 GWG x-ray is just his service that takes a URL and returns a nicely parsed object you can use to build your response # 02:01 miklb I'm all for having as much data as possible to work with # 02:01 GWG But, since I was using aaronpk's x-ray code to enhance my code, it occurred to me I could go in that direction # 02:01 GWG The problem is that WordPress is horrible about dependencies. # 02:07 GWG But I may do some more work in that area. I want to dedeplicate POSSEd copies and the the original. Which requires extending Syndication Links to comments and supporting figuring out that it is a dupe. # 02:08 miklb so you need to figure out how to have a dependent library that multiple plugins could rely on, without packaging it as a plugin or putting it in each individual plugin? Am i following? # 02:09 GWG Well, I could package it as a plugin that uses the REST API or the older admin-ajax service to allow the frontend or other plugins to query it. # 02:09 GWG So, if it isn't there, the plugin would fall back on something else, but still... # 02:10 miklb I would be intrigued to see REST API integration there # 02:10 GWG miklb: The webmention plugin uses the endpoint infrastructure code without being REST. # 02:12 GWG Aaron Jorbin mentioned to me at IWC NYC 2 that the infrastructure could be used without using the full REST stuff. That made it more intriguing, because you can build any sort of API and there are all sorts of core functions to enhance it. # 02:13 miklb I still need to read the webmention plugin code. # 02:14 GWG I did the initial rewrite of Webmentions to use the infrastructure. I know snarfed thinks I want to rewrite the Micropub plugin in same, but it isn't at the top of my list. # 02:14 GWG If we wrote an authentication plugin for the API infrastructure to use Indieauth, it could be used by any REST API endpoint, not just Micropub. # 02:15 GWG But not enough people are using everything to justify it now, and there are more basic things to work on # 02:16 GWG miklb: I'm not sure I'm going to put that at the top of my list. # 02:16 GWG I think the plugins I have need some continued love before I try something new. # 02:16 GWG Even if I do split/rework parts of them # 02:17 miklb I'm going to be diving deep into rest api here very soon, and authentication is one of the things I'm concerned about, so I'll be putting a lot of thought there # 02:17 GWG Which adds JWT Authentication to the REST API # 02:19 GWG That should be enough to show how to add authentication to the REST API using something else. There is also an OAUTH 1 plugin KevinMarks joined the channel
tantek joined the channel
# 02:29 GWG miklb: What do you think about the idea of Syndication Links extending into comments? # 02:30 miklb at face value sounds good. I haven't gotten too far with comments yet, due to lost posts/lack of posts w/feedback. But working towards them, and want them to be as robust as possible # 02:31 GWG Well, Semantic Linkbacks is something that there is controversy about # 02:31 GWG People don't usually, joining the community, realize that the cool display stuff comes from it over Webmentions. # 02:31 GWG Webmentions is just the low level plumbing # 02:32 miklb ah, so the discuss is should the webmention plugin carry more front end fuctionality? # 02:32 tantek GWG, similarly, people would confuse Pingbacks with the display of Pingbacks # 02:32 tantek that is, people can be expected to *expect* that a plugin always does something visible # 02:33 GWG But I sort of agree with pfefferle's primary reason for separating them, and would seek to fix it as a requirement for merging them # 02:33 tantek so I will continue to advocate for the presentation of comments, likes, reposts etc. to be bundled into the Webmentions plugin # 02:34 GWG The implementation is a bit 'hacky' was what he said the last time I asked him # 02:35 GWG A lot of the stuff I worked on over the summer with the webmentions plugin and several tickets into WordPress itself was to make said implementation less hacky. # 02:36 GWG When pfefferle wrote the original version, he had no better way to accomplish the goal. # 02:38 GWG There still are major things missing on the WordPress side KevinMarks joined the channel
# 02:38 GWG For example, WordPress allows custom comment types like Webmention, but doesn't support them # 02:39 miklb you mean like, "here, you can create this thing, but don't expect us to do anything with it"? # 02:41 GWG Some big WordPress contributors are interested. But they are focused elsewhere. # 02:42 GWG so, they put together a Github repo which got a README...and nothing else. # 02:44 GWG The lack of registered support creates issues when you try to display webmentions if the theme doesn't support them. You basically have to take over large portions of system functionality. # 02:45 GWG miklb: I saw you forked my old Semantic Comments plugin? # 02:45 miklb yep. I do want some semblance of facepiles, so looking over that plugin, looked like a good place to start. # 02:45 GWG It was the first thing I created. # 02:46 GWG Basically, it allows for taking over the comment generation at three different levels. # 02:46 GWG The MF2_S comment walker is another example of it # 02:46 GWG It takes over comment generation without overriding the theme template. KevinMarks joined the channel
# 02:49 GWG So, back to the Linkbacks issue...so, the decision was to retain one webmention comment type called...webmention. # 02:50 GWG The types such as 'like', 'rsvp', etc were subtypes. # 02:50 GWG reply was decided to be the default 'comment' type. # 02:53 miklb I would need to think that through before I would have an opinion on the subtype route # 02:53 GWG That is one decision that might be worth revisiting in a rewrite. # 02:56 GWG What I am thinking about if which pieces of Semantic Linkbacks could move over to webmentions. One by one. # 02:57 miklb is there already a github issue for that dicussion? mblaney joined the channel
KevinMarks and [kevinmarks] joined the channel
# 03:08 [kevinmarks] I'm thinking that jf2, rather than being a "cleaner mf2" would make more sense as a uniform encoding of an xray/post types/authorship parsing # 03:09 GWG [kevinmarks]: What usage are you suggesting? # 03:09 [kevinmarks] If the various webmention handlers could rely on a common format that implements the more content aware parts of post types/authorship etc # 03:10 [kevinmarks] I have the feeling that we are all evolving in parallel a set of heuristics for "what does this url mean in this context" # 03:11 [kevinmarks] Which is a different problem from "what does this page generally represent?" # 03:14 [kevinmarks] We look at the various json outputs from webmention.io webmention.herokuapp.com xray semantic link backs # 03:15 [kevinmarks] In a way unmung.com is me doing this in a series of crude approximations # 03:27 GWG Semantic Linkbacks doesn't do any json output # 03:47 GWG It generates and consumes. It doesn't do anything intermediate # 03:51 GWG miklb, if you are interested, look at it and in the Indieweb organizational repo, php-comments # 03:53 GWG I tried a theoretical rewrite of it with php-comments at the center of it. # 03:55 GWG Yes, so what if in addition to parsers in each language we had this layer as a library? # 03:56 GWG Wouldn't that be the sensible thing? # 03:56 GWG aaronpk, agreed, but how do we get there? # 03:57 GWG aaronpk, I am iterating...well, piggybacking on your iteration, but close enough. # 03:58 GWG But the point is still well taken that if we are all looking to make it easier to go from full mf2 to something simpler to integrate, there is room for shared work # 03:58 GWG It sounds like something to talk about at an IWC KevinMarks joined the channel
# 03:59 miklb GWG might be a good argument to keep semantic linkbacks as its own plugin then # 04:02 GWG miklb: It isn't merging any time soon anyway. KevinMarks, KevinMarks_, KevinMarks__, cweiske, tantek, loicm, wdfwefewvfgew and arush joined the channel
arush and [dgold] joined the channel
# 11:37 petermolnar is anyone here running their own sms gateway with gammu-smsd? I'm having some interesting issues with it # 12:42 petermolnar nope. I'm using my former laptop, a T400 as home server, it has a 3g modem inside # 12:42 petermolnar the reason for doing it is that I want something to alert is a, internet is down, b, power is down # 12:43 petermolnar since it's a laptop, I can monitor both, and the battery lasts long enough to send an sms before going down # 12:43 petermolnar the flat we're renting is electricity-only, so if there's no power, there's no heating, which is not fun if you're away for a few days KevinMarks joined the channel
# 12:59 Zegnat We've had that happen in Sweden. No electricity means no heating, no cooking, and no water. arush1 and sebsel joined the channel
singpolyma, rMdes_, rMdes and arush joined the channel
# 14:42 aaronpk petermolnar: wow I've thought about setting up an SMS gateway ages ago and gave up and then Twilio launched and solved my more immediate problem # 14:42 petermolnar aaronpk I need a fallback when there's not internet connection at home # 14:43 petermolnar that is essentially the alert scenario: home server running from battery instead of ac and local network down singpoly1a joined the channel
# 15:03 petermolnar actually, I have an 56k modem in that machine, I could initiate a backup dialup when the broadband goes does, but I don't think I want to do that :D arush, miklb and tantek joined the channel
gRegorLove and KevinMarks joined the channel
[eddie] and snarfed joined the channel
# 21:00 snarfed got an HTTP 418: Unknown response from the flickr API just now :/ # 21:00 Loqi snarfed: GWG left you a message 4 days, 6 hours ago: Would Bridgy Publish recognize a link in the header or outside of e-content? cweiske and KevinMarks joined the channel
snarfed, snarfed1, [jeremycherfas], KevinMarks, tantek and KartikPrabhu joined the channel
tantek joined the channel
# 23:09 Loqi sebsel has 3 karma in this channel (16 overall) # 23:09 Loqi [Sebastiaan Andeweg] How I hacked my own site by feeding it a profile picture via webmention # 23:10 tantek worthy of adding to Webmention security considerations? # 23:12 tantek and being informative (non-normative) - it may be eligible for a no-review proposed edited recommendation :) # 23:23 aaronpk we mention XSS and CSRF explicitly in the security considerations. what type of attack is this? # 23:27 sebsel oh thanks tantek, I'm flattered :) (this was my first hack) # 23:27 Loqi sebsel: KevinMarks left you a message 1 day, 23 hours ago: look at silo.pub for twitter login # 23:30 sebsel !tell KevinMarks Oh thanks! I actually already implemented a Twitter login on my site before I saw your message :) # 23:30 Loqi Ok, I'll tell them that when I see them next # 23:35 sebsel In a way, this is worse than XSS or CSRF, because those two are on the client side, and here you run code on the server, so you can do anything with it. # 23:36 sebsel this also makes it less specific to webmention, I guess, and more related to user input validation # 23:36 aaronpk i think the key thing here is to remind people to treat everything they get from fetching a page from webmention as user input # 23:36 aaronpk and then all the typical user input sanitization stuff applies as normal # 23:39 tantek aaronpk, I'd say what sebsel identified is far from "typical" # 23:39 aaronpk if you ever handle uploaded files from users you have to take those same precautions # 23:40 aaronpk an explicit example in this case is probably good because images are such a key component of displaying useful webmentions, but i'm trying to generalize this into a recommendation so that it can be more than just listing specific attacks # 23:43 sebsel yes, I don't show html at the moment, but embedded images would follow the same rules # 23:44 sebsel it's good to note that they are files and need to be handled with care
[kevinmarks] Crazy ideas?
GWG Here is the Basic Auth plugin - https://github.com/WP-API/Basic-Auth
petermolnar GWG, a sidenote: I ended extending https://github.com/vrypan/webmention-tools - essentially it's doing xpath like lookups with Beautifulsoup instead of complete mf2 parsing, so for targeted parsing it might be simpler that traditional, complete mf2 parsing
@Inkwater_Masha 3 Legal Issues Journalists Face – and How to Avoid Them http://www.fullsailblog.com/nmjma-legalissuesinjournalism?platform=hootsuite #selfpub #indieauth #writetip (twitter.com/_/status/831145978166128642)
loqi.me created /Open_Source_Bridge (+192) "prompted by tantek and dfn added by tantek" (view diff)
@m_ott Hm ? For whatever reason Bridgy only sends Webmentions for this tweet: https://twitter.com/m_ott/status/831047069251039232, but not for this: https://twitter.com/beep/status/831136280465522689 (twitter.com/_/status/831224358240735232)
snarfed (flickr's API is silly in general with HTTP response codes. they literally return 400 sometimes when they're down. :P https://github.com/snarfed/webutil/blob/d7200c4db9aff362e0838e6ec5f18a535a7fc18f/util.py#L856 )
@Sebsel How I hacked my own site by feeding it a profile picture via webmention https://5eb.nl/4mq3 (twitter.com/_/status/831269220667240449)
tantek sebsel++ great post https://seblog.nl/2017/02/13/3/how-i-hacked-my-own-site