#dev 2017-02-23

2017-02-23 UTC
#
tantek.com edited /multi-photo (+5) "/* Silo Examples */ IG up to 10 photos" (view diff)
#
GWG Afternoon
#
tantek.com edited /multi-photo (+15) "/* Instagram */ multi-photo support requires square cropped photos / videos" (view diff)
#
www.boffosocko.com edited /events/2017-02-22-homebrew-website-club (+24) "Google Hangout Link for Virtual HWC" (view diff)
#
tantek.com edited /multi-photo (+129) "/* Instagram */ limitations" (view diff)
[chrisaldrich] joined the channel
#
tantek.com edited /Instagram (+246) "/* Single Photo Bookmarklet */ Bookmarklet improvements" (view diff)
miklb_ and mblaney joined the channel
#
www.boffosocko.com edited /Instagram (+411) "other photo/video functionality" (view diff)
#
tantek.com edited /multi-photo (+369) "/* Tantek */ new example, 5 photos, 4 POSSEd to Twitter!" (view diff)
#
tantek.com edited /Instagram (+378) "merge Other Functionality into existing Features section, add a few, merge separate PESOS sections into one as well" (view diff)
#
tantek.com edited /Instagram (+24) "note video as popular use-case" (view diff)
KevinMarks joined the channel
#
upon2020.com edited /events/2017-02-22-homebrew-website-club (+11) "/* San Francisco */" (view diff)
#
upon2020.com edited /events/2017-02-22-homebrew-website-club (+25) "/* San Francisco */" (view diff)
#
kevinmarks.com edited /events/2017-02-22-homebrew-website-club (+17) "/* San Francisco */" (view diff)
[katiejohnsonsf], [scottgruber], scottgruber, [chrisaldrich], [acegiak_net] and cweiske joined the channel
#
gregorlove.com edited /events/2017-02-22-homebrew-website-club (+59) "/* Photos */ Bellingham" (view diff)
#
gregorlove.com uploaded /Special:Log/upload "uploaded "[[File:bellingham-hwc-2017-02-22.jpg]]""
#
gregorlove.com edited /events/2017-02-22-homebrew-website-club (+95) "/* Photos */" (view diff)
#
sebastiangreger.net edited /uberspace (+288) "/* things to know */ service in German only" (view diff)
[dgold] joined the channel
#
tantek.com edited /events/2017-02-22-homebrew-website-club (+89) "/* Berlin Photos */ more photos link" (view diff)
tantek_ joined the channel
#
@0rWouldUrather RT @ReadersGazette BLOG Indie Author Answers by Jim Heskett http://www.thejugglingauthor.com/indieauth/ Get help writing your book #bookbloggers 13 (twitter.com/_/status/834737137727700994)
#
petermolnar for those who want to server their site via multiple domains (.bit and .onion, for example) and have absolute urls: http://nginx.org/en/docs/http/ngx_http_sub_module.html
#
cweiske petermolnar, are you serving .onion?
#
petermolnar I did, at one point, stopped at another
#
petermolnar no real reason, to be honest
#
petermolnar also, .onion is... well... I'd rather avoid those domains
tantek_ joined the channel
#
cweiske why? only negative associations?
loicm_, arush and tantek_ joined the channel
#
loqi.me edited /deviantART (+91) "petermolnar added "http://jon-rista.deviantart.com/journal/Very-Concerning-DeviantArt-com-License-221022234" to "See Also"" (view diff)
#
petermolnar cweiske there is an assumption that .onion is shady, and for now; I'm already a linux sysadmin, I don't need more attention from the agencies :D
KartikPrabhu and KevinMarks joined the channel
#
loqi.me edited /Ghost (+48) "aaronpk added "https://www.indiehackers.com/businesses/ghost" to "See Also"" (view diff)
singpolyma joined the channel
#
KartikPrabhu anyone using SHA-1 still see: https://shattered.io/
#
voxpelli I wonder when git will switch from SHA-1
#
KartikPrabhu now would be the time
#
bear using SHA-1 to generate what is in essence a context implied label, IMO, different than using it as a signing method
#
bear I'm not worried if repo 1 and repo 2 have commits with the same SHA
#
KartikPrabhu bear: the point I think is that even in repo1 SHA-1 generated hashes are unreliable
#
aaronpk isn't the threat that someone could replace the code in a commit with code that has the same SHA-1 as the real commit?
#
KartikPrabhu if I am understanding it correctly
#
bear hmm
#
KartikPrabhu aaronpk: yeah that was my impression too
#
bear does that "oh, didn't think of *that*" face
#
bear well poo
snarfed joined the channel
#
snarfed fell into quite a unicode rabbit hole over the last week: https://github.com/snarfed/webutil/blob/master/util.py#L1261-L1323
#
snarfed usage in fix for the bug that discovered it: https://github.com/snarfed/granary/commit/73073aad9fe1b9fd0aaa6688e8cf4bde409d277e
#
bear snarfed++ for even *thinking* of handling wide unicode in python
#
Loqi snarfed has 2 karma in this channel (259 overall)
#
snarfed lol
#
snarfed python <3.3 at least
#
bear yea
#
aaronpk what is wide unicode?
#
Loqi It looks like we don't have a page for "wide unicode" yet. Would you like to create it?
#
snarfed (aaronpk this is what i thought last week was a multi-code-point problem)
#
bear the difference between UCS2 and UCS4
#
snarfed wide unicode is a term for Unicode high code points with ordinals greater than 16 bits, ie above the Basic Multilingual Plane
#
Loqi ok
#
loqi.me created /wide_unicode (+157) "prompted by aaronpk and dfn added by snarfed" (view diff)
#
snarfed isn't sure that dfn is a net benefit :P
#
aaronpk haha
#
Loqi hahahaha
#
bear :) - but it will surely make some of us pause and chuckle
#
KartikPrabhu what is unicode?
#
Loqi It looks like we don't have a page for "unicode" yet. Would you like to create it?
#
bear for the PHP folks -- looks like PHP v7 has a CVE out -- http://www.ubuntu.com/usn/usn-3211-1
#
bear or rather a handful of CVE fixes out
#
miklb thanks bear
#
miklb bear++
#
Loqi bear has 12 karma in this channel (178 overall)
#
aaronpk is still on php5
#
miklb I was able to jump to 7 since I didn't have any production-like code running.
#
dansup bear, using unserialize() on untrusted data is bad practice - even with the new whitelist allowed_classes. the man page has a big warning
#
dansup http://php.net/manual/en/function.unserialize.php
#
bear dansup - oh, no worries from me, I'm not a PHP dev even in my fantasy world
#
dansup heh
#
bear my job requires me to review *every* CVE notice as it comes in - so I pass on the ones that I know could be of use to the IndieWeb folks
#
aaronpk i haven't used serialize/unserialize in ages
#
dansup bear, ah, thanks for the heads up :)
#
dansup aaronpk, yeah, json_encode/decode on the other hand...
#
aaronpk yeah but you can't create code with json_decode
snarfed, gRegorLove, KartikPrabhu and [chrisaldrich] joined the channel
#
aaronparecki.com edited /authorization-endpoint (+14) "clarify" (view diff)
#
Zegnat bear, I am on 7.1, any idea if there was any overlap?
#
Zegnat Asking before I go and read up on them myself.
#
Zegnat Ah, doesn’t seem I am affected either way. Still thanks for the heads up! :)
KevinMarks and cweiske joined the channel
#
aaronpk alrighty... anyone who has written a Micropub client, I would appreciate if you filled out an implementation report!
#
aaronpk since we need to move quickly on this, I decided to stick with a markdown file report like webmention, rather than waiting for me to complete the micropub.rocks test suite
#
aaronpk https://micropub.net/implementation-reports/
#
cweiske aaronpk, I'm not able to complete a server report for commentpara.de because it only accepts likes+replies, while micropub.rocks wants to push "normal" posts
#
aaronpk ah yeah...
#
aaronpk hm, I can make an .md version for that case
#
martymcguire[m] how quickly do these implementation reports need to be up? i have a couple of in-progress micropub clients that need some cleanup, haha.
#
Loqi martymcguire[m]: lol
#
aaronpk i'd love to get 1-2 by Monday if possible
#
cweiske hey I have a mp client
#
aaronpk oh the command line one?
#
martymcguire[m] i have a micropub client question that maybe other client implementors can help me understand
#
martymcguire[m] one thing i have noticed about implementations like quill is a tendency to have their form submit to their own server (e.g. back to quill.p3k.io), which then submits the post to the micropub endpoint.
#
cweiske yes
#
cweiske shpub
#
cweiske filling out the report now
#
aaronpk awesome, thanks
#
martymcguire[m] in testing i tend to cut out that submit-to-a-proxy-endpoint step and just post straight to the micropub endpoint, though from a UI perspective it leaves the browser showing whatever comes back for the 201 Created (or similar) response.
#
aaronpk i'm trying to remember why I did that with Quill in the first place
#
martymcguire[m] part of me wants to have a client that runs in the browser POST directly to the micropub endpoint (especially if it's already doing that for files with the micropub media endpoint)
#
martymcguire[m] the big tripping hazard i think would be CORS.
#
aaronpk oh, well for one, the micropub endpoint would need to have the CORS headers set up to allow that
#
loqi.me created /Sherlocked (+205) "prompted by [chrisaldrich] and dfn added by [chrisaldrich]" (view diff)
#
aaronpk using the server proxy avoids all that
#
martymcguire[m] that's my thinking as well. what are the odds of getting "please support CORS headers" into the spec for micropub server endpoints? ;}
#
loqi.me edited /Sherlocked (+50) "/* See Also */ new section" (view diff)
#
aaronpk well to start, it'd have to be implemented by someone
#
martymcguire[m] makes sense!
#
martymcguire[m] if i understand correctly, it's tricky to reliably determine from JS if a request was blocked by CORS
#
cweiske aaronpk, what is meant by "vocabularies"?
#
cweiske mf?
#
aaronpk cweiske: whether you support h-entry, h-event, or something else, and then which properties of each
#
aaronpk e.g. https://github.com/w3c/Micropub/blob/master/implementation-reports/quill.md#vocabularies
#
aaronpk not strictly required for this, but i thought it would be helpful information for the future
#
martymcguire[m] my current thinking is that the browser-side of the app could check ?q=config and, if the request succeeds, plan to post directly from the browser. otherwise, fall back into a mode where it proxies through the server.
#
aaronpk martymcguire[m]: i suppose, tho that seems like a lot of work for the client, and what's the benefit?
#
martymcguire[m] eliminates the two-legged POST through the app's server
#
aaronpk maybe faster I guess?
#
ben_thatmustbeme filling in my client now, inkstone does some odd things hehe
#
aaronpk odd things are fine :)
#
martymcguire[m] it should be faster, sure, but it also means that as a user i don't have to trust the app's server with my micropub data
#
cweiske there you go aaronpk https://github.com/w3c/Micropub/pull/69
#
aaronpk cweiske++
#
Loqi cweiske has 8 karma in this channel (79 overall)
#
aaronpk martymcguire[m]: if you sign in to an app, you're already trusting it quite a bit
#
ben_thatmustbeme also, aaronpk the h-entry link you give doesn't seem to work
#
aaronpk oops
#
aaronpk forgot the mf wiki has the "wiki/" prefix
#
martymcguire[m] aaronpk: agreed. i would be very interested in micropub clients that are single-page applications which run directly in my browser without any behavior "hidden" in a server-side component.
#
aaronpk martymcguire[m]: yeah definitely, i think that's a good type of application for sure.
#
aaronpk i think there's room for both models though, one isn't necessarily better than the other
#
martymcguire[m] for sure!
#
martymcguire[m] so it sounds like i'd need at least one implementation report for a micropub server that sends CORS headers to allow posting via javascript from other domains
#
martymcguire[m] and at least one for a micropub client that posts via javascript (requiring CORS headers)
#
aaronpk at least one
#
aaronpk if there were two written by different people, that would be a strong case for including it in the spec
#
martymcguire[m] haha, right. two+ makes more sense, i guess.
#
voxpelli martymcguire[m]: I think we can solve that CORS Micropub server thing ;) Would be super easy to do for me
#
voxpelli martymcguire[m]: if you add an issue here then I'll try to fix it: https://github.com/voxpelli/webpage-micropub-to-github/issues
#
martymcguire[m] voxpelli: thanks! if i get an all-javascript client going i'll set up a webpage-micropub-to-github test site to try it against.
#
aaronpk alright, i'm summarizing them here https://docs.google.com/spreadsheets/d/1E3wXQ4M3f6X_Qe8GdUo_zaAVGgYhTyDWcpF05PxfJNQ/edit?usp=sharing
#
aaronpk the goal is to have no red or yellow
#
cweiske aaronpk, you can count shpub to mp-slug and post-status
#
aaronpk ah yeah
#
aaronpk (it's also fine for the extensions and vocabulary to not be all green)
#
aaronpk also I should note that because I'm the editor, my implementations carry less weight in this
#
cweiske so shpub is the only one that counts :)
#
aaronpk mine *count*, but it would be hard for me to justify a feature if mine are the only ones using it
#
cweiske so I guess https://indieweb.org/Micropub/Clients#Implementation_status is outdated now
#
aaronpk oh yeah, that's still a great list
#
aaronpk that's a more user-focused list. mine is spec-focused.
#
Zegnat re: sha1 in git, Linus has commented: https://marc.info/?l=git&m=148787047422954&w=2
#
bear Zegnat++ for sharing that SHA-1 in git article
#
Loqi zegnat has 1 karma in this channel (36 overall)
#
Zegnat That email thread is pretty interesting to read. Though mostly it seems like they aren’t too worried.
KartikPrabhu joined the channel
#
martymcguire[m] micropub client impl report submitted for slater
#
martymcguire[m] (my janky WIP event creation client)
#
martymcguire[m] supports creating h-event, so that's a tick to the h-event vocabulary box
#
aaronpk yay thanks!
#
Loqi ?
#
martymcguire[m] submitted another for screech (my janky WIP podcasting client). supports h-entry with u-audio, additional fields for metadata pulled from that audio such as artist, album, track title, duration, ...
#
martymcguire[m] oop, i see you already merged :}
#
aaronpk neat!
#
@John316Network https://booklaunch.io/llwroberts/thedoor - The Door is free. #IARTG #Kindleebooks #mustread #readers #Kindletouch #indieauth #IAN1pic.twitter.com/8LCenVAYrJ (twitter.com/_/status/834872215757656064)
#
gregorlove.com edited /nntp (-3) "dfn" (view diff)
#
bear was just loading up the wiki page to fix that :)
#
gregorlove.com moved /nntp to /Network_News_Transfer_Protocol "canonical"
#
gRegorLove what is nntp
#
Loqi https://indieweb.org/NNTP
#
gRegorLove what is nntp
#
Loqi https://indieweb.org/NNTP
#
gRegorLove what is Network News Transfer Protocol
#
Loqi https://indieweb.org/Network_News_Transfer_Protocol
#
aaronparecki.com edited /NNTP (+26) "fix redirect" (view diff)
#
gRegorLove what is nntp
#
Loqi Network News Transfer Protocol (NNTP) is used to connect Usenet news servers and end user client applications https://indieweb.org/NNTP
#
gRegorLove Woo
#
bear gRegorLove++ for always be gardening
#
Loqi gregorlove has 15 karma in this channel (105 overall)
#
gRegorLove Coffee is for gardeners
#
gRegorLove :)
#
sknebel aaronpk: can you take a look at https://telegraph.p3k.io/webmention/11VoVXr4Exm9pUOaoH/details and help me figure out why it wants to use my webmention endpoint over HTTP? fetches of my homepage should redirect always to HTTPS, and only then include a (relative) path to the endpoint, which then also would be HTTPS
#
aaronpk oh boy
#
sknebel (I wondered why tantek linking to my page hadn't shown up and tried to use telegraph to manually trigger a WM
#
aaronpk this sounds kind of like https://webmention.rocks/test/23
#
Loqi [Webmention Rocks!] Discovery Test #23
#
aaronpk which telegraph does pass
#
aaronpk is this a different situation?
#
aaronpk "This will test that your endpoint follows redirects on the target and resolves the relative URL relative to the resulting URL rather than the original URL."
#
aaronpk you do have an additional redirect in there, but I wouldn't think that would matter
[barryf] joined the channel
#
[barryf] aaronpk: Micropub implementation report submitted for Micropublish https://github.com/w3c/Micropub/pull/72
#
aaronpk [barryf]++
#
Loqi barryf has 1 karma in this channel (8 overall)
#
[barryf] Thanks aaronpk ? Have your recent changes to Micropub.rocks made it to the live version yet (or another public URL)?
#
aaronpk ah i haven't launched the client tests yet. i was hoping to have a few more finished
#
[barryf] No worries. I'll keep an eye out for when you're ready.
#
sknebel aaronpk: does it remember the http vs https somewhere?
#
sknebel because yes, that looks like said test case
miklb_ and loicm_ joined the channel
#
aaronpk that's odd... I don't see code that handles that https://github.com/indieweb/mention-client-php/blob/master/src/IndieWeb/MentionClient.php#L167
#
aaronpk i am confused how my client is passing that test
#
aaronpk did i mess up the test?
#
sknebel seems so, if I append the path I get there in the webmention header to https://webmention.rocks/test/23/page/ I get "method not allowed" (Because I test with the browser right now, and thus GET), if I append it to the redirect target I get "404 not found"
#
sknebel aaronpk: e.g. https://webmention.rocks/test/23/page/webmention/MgFyfwb7K3mLxGjlCrwT vs https://webmention.rocks/test/23/page/9RlSzRndPwA1PoM41pev/webmention/MgFyfwb7K3mLxGjlCrwT
#
aaronpk ffs. I did mess up the test.
#
aaronpk i coincidentally chose a URL pattern for that 23 test that happend to match the regular tests
#
aaronpk so if you found the "wrong" URL then it still worked :headdesk:
#
bear sknebel++ for finding an issue and reporting it
#
Loqi sknebel has 2 karma in this channel (21 overall)
#
aaronpk so... i need to fix mention-client-php, which i thought was fixed, because the test was wrong
#
aaronpk lol
#
sknebel still, quite useful to just be able to look it up and say "ok, test 23 should cover that, why doesn't it", since there it is clearly documented what is supposed to happen (so it is easy to audit the test as well)
#
aaronpk okay, pushed a fix for the test
#
aaronpk and now telegraph fails the test
#
aaronpk progress
miklb joined the channel
#
aaronpk and issue opened https://github.com/indieweb/mention-client-php/issues/31
#
aaronpk that was sneaky
#
aaronpk sknebel++
#
Loqi sknebel has 3 karma in this channel (22 overall)
KevinMarks, [chrisaldrich] and KevinMarks_ joined the channel