#dev 2017-03-21

2017-03-21 UTC
[eddie] joined the channel
#
[eddie]
aaronpk: I noticed in your https://aaronparecki.com/2017/03/18/14/day-88-checkins post you show some of your data file. It looks very similar to jekyll’s files. Have you ever posted about your data storage? Is it a sensitive topic? So far, my jekyll storage is horrible as I’ve been hand-coding everything. Now that I’m integrating jekyll with micropub, I’m either having to do a lot of hand-coded translations or I’m having to re-do my st
#
[eddie]
micropub like how you’ve done. Curious if you have any thoughts/best practices for that?
#
Loqi
[Aaron Parecki] Day 88: Checkins! #100DaysOfIndieWeb
tantek joined the channel
#
tantek
wonders if he should block every IP that requests /wp-login.php
#
tantek
since he has never had WP installed on his site
#
tantek
what is wp-login.php
#
Loqi
It looks like we don't have a page for "wp-login.php" yet. Would you like to create it?
#
tantek
wp-login.php is the login page for a [[WordPress]] installation, and thus is frequently queried (whether you have WordPress installed or not) by bots and other abusive sites looking for out-of-date WordPress installations to attack via [[WordPress Security]] holes.
#
loqi.me
created /wp-login.php (+293) "prompted by tantek and dfn added by tantek"
(view diff)
#
tantek
it's my #1 404 by orders of magnitude
#
tantek
16,072 error hits this month alone
#
tantek
also seeing a bunch of hits on various php files in a /plus/ directory
#
tantek
(which I've never had)
#
tantek
what is plus?
#
Loqi
It looks like we don't have a page for "plus" yet. Would you like to create it?
tantek and KartikPrabhu joined the channel
#
aaronpk
We've had a discussion about that before
#
aaronpk
petermolnar shared a script to automatically block anything that requests wp-login.php using fail2ban
#
aaronpk
I've been running it for a few weeks now
#
KartikPrabhu
aaronpk: I just noticed that the logs link to people's profiles, but there is no visual indicator that it is a link. Maybe underlining on hover is good (?)
#
KartikPrabhu
profiles I mean website
#
tantek
what is fail2ban
#
Loqi
fail2ban is a utility that bans logins from IP addresses that show signs of malicious activity (like many failed login attempts) https://indieweb.org/fail2ban
#
tantek
hmm this is odd, I'm seeing an IP in my logs even though I've blocked them in .htaccess
#
tantek
double-checked to make sure the numbers are right too
miklb joined the channel
#
tantek
oh boy, the #4 in bandwidth, and #5 in hits IP address that is hitting my site is pin13.net ?
#
tantek
I'm assuming that's due to IRC logs being crawled and reindexed by search engines which are then crawling the pin13.net URLs, which is then causing an HTTP request to my site
#
tantek
!tell aaronpk could you setup a http://pin13.net/robots.txt (currently 404 ?) that tells robots not to request links there? at least on the mf2 parser? noindex I think?
#
Loqi
Ok, I'll tell them that when I see them next
cweiske and barpthewire joined the channel
#
Zegnat
!tell aaronpk maybe add a robots.txt to xray.p3k.io as well, when you are at it?
#
Loqi
Ok, I'll tell them that when I see them next
KevinMarks and KartikPrabhu joined the channel
#
aaronpk
good idea
#
Loqi
aaronpk: tantek left you a message 9 hours, 15 minutes ago: could you setup a http://pin13.net/robots.txt (currently 404 ?) that tells robots not to request links there? at least on the mf2 parser? noindex I think?
#
Loqi
aaronpk: Zegnat left you a message 4 hours, 51 minutes ago: maybe add a robots.txt to xray.p3k.io as well, when you are at it?
leg joined the channel
#
aaronpk
i keep finding more certificates issued by startcom on my various domains
#
martymcguire[m]
aaronpk: sorry to bug you but i'm having trouble using the IndieAuth email verification code method. IndieAuth says the email sent, but I'm not receiving it.
#
aaronpk
Hm let me take a look at the logs
#
aaronpk
did you check your spam filter?
#
martymcguire[m]
checked spam folder, currently empty.
tantek joined the channel
#
aaronpk
Can you pm me the email address you entered?
#
martymcguire[m]
one sec while i figure out how to do PM from matrix => IRC user
#
aaronpk
550 5.1.1 <***@***.***>: Recipient address rejected: User unknown"
#
martymcguire[m]
haha, is that a literal ***@***.***?
#
Loqi
nice
#
petermolnar
oh, I love that idea
#
petermolnar
*@petermolnar.eu
#
petermolnar
as main email address
#
aaronparecki.com
edited /wiki/backup (+150) "remove btsync"
(view diff)
#
tantek
martymcguire[m]: have you had a chance to run Screech through the micropub.rocks client tests and resubmit a report that way?
#
martymcguire[m]
tantek: i ran through the tests and updated the report but apparently did not submit the PR! looking for that now.
#
tantek
martymcguire[m]: that woudl be great!
#
martymcguire[m]
PR submitted. i remember now why i held off on re-submitting: screech cannot pass the multipart file upload test on micropub.rocks because screech doesn't support `photo`, only `audio`.
#
aaronpk
yeah i had this challenge in a few places with the tests
#
aaronpk
whether to restrict the vocabulary the test accepts
#
martymcguire[m]
it is a totally reasonable decision. and i *do* plan on adding `photo` support to screech for episode posters.
#
aaronpk
actually, since the spec explicitly mentions "photo" "video" and "audio" i should just make micropub.rocks accept any of those
#
martymcguire[m]
but i don't have an immediate use-case for audio+photo on the sites where i publish audio right now, so i am procrastinating on adding the feature.
#
aaronpk
martymcguire[m]: i got a 500 error trying to sign in to screech, can you check it out?
#
martymcguire[m]
looking now
#
aaronpk
it's probably partly my fault because i was using my dev copy of micropub.rocks, but still it shouldn't have 500'd
#
martymcguire[m]
well this is awkward. i don't see a 500 in my logs. :[
#
martymcguire[m]
oh wait, i see the 500 but no related error logging
#
martymcguire[m]
currently looks like it happened in flask-micropub code callback handler
#
martymcguire[m]
not immediately sure how to set up a test case to reproduce. i see that you logged in successfully soon after. did something change between those attempts that you know of?
#
aaronpk
yeah, i changed the site's base URL from micropubrocks.dev to one with public DNS
#
aaronpk
i'm guessing on the callback, your site tried to find the token endpoint and got micropubrocks.dev instead of a real DNS name
#
aaronpk
so it should error out, but shouldn't crash like that
#
martymcguire[m]
that is helpful, thanks!
#
martymcguire[m]
wahoo!
#
aaronpk
now i just gotta do the same for the JSON version
#
loqi.me
created /.ovh (+79) "prompted by tantek and dfn added by sknebel"
(view diff)
#
tantek.com
edited /bandwidth (+423) "split troubleshooting into subsections, note blacklist IP checking tool"
(view diff)
#
www.svenknebel.de
created /OVH (+90) "Created page with "{{stub}} '''<dfn>[https://www.ovh.com OVH]</dfn>''' is a large European hosting provider.""
(view diff)
#
tantek
aaronpk - glad to see this is improving the test suite too!
#
aaronpk
indeed
#
martymcguire[m]
yeah, thanks! should i update my implementation report PR to note that screech passes #300 on the updated test? :}
#
aaronpk
yeah! or you can wait for me to deploy this if you want to see it yourself
loicm and [cleverdevil] joined the channel
#
aaronpk
martymcguire[m]: alright, deployed!
#
tantek
aaronpk++
#
Loqi
aaronpk has 38 karma in this channel (1247 overall)
#
martymcguire[m]
aaronpk++ great! I'll test it now.
#
Loqi
aaronpk has 39 karma in this channel (1248 overall)
#
aaronpk
i'm counting that as today's project
#
loqi.me
created /PUE (+70) "prompted by petermolnar and dfn added by bear"
(view diff)
#
aaronpk
lol how big is that file
#
aaronpk
i'm caching the files in Redis, i hope that works
#
martymcguire[m]
a few megs. it's the latest TWIIW audio edition :]
#
aaronpk
does it play back in the previewer?
#
martymcguire[m]
it does!
#
martymcguire[m]
ok, PR should be good to go now: https://github.com/w3c/Micropub/pull/82
#
aaronpk
hooray
#
martymcguire[m]
thanks for the nudge, tantek, and thanks for all the help aaronpk !
#
loqi.me
created /bots (+19) "prompted by tantek and dfn added by tantek"
(view diff)
#
tantek.com
edited /bandwidth (+1826) "/* Look for IPs bots files */ dealing with IPs, bots, files"
(view diff)
#
tantek
bear, major update/braindump to https://indieweb.org/bandwidth#Look_for_IPs_bots_files (including methods I use) - would like your review and contributions! thanks!
#
bear
:eyes:
#
tantek
this is good because you get to see my semi-technical but non-professional-sysadmin perspective and hopefully we write these docs for at least that level of audience
#
bear
yes, that is the voice I'm reading things
#
bear
tantek++ on no-ops centric docs
#
Loqi
tantek has 5 karma in this channel (323 overall)
#
bear
the biggest concern I have is that the htaccess method still requires the web server to handle the request and then reject it -- a better solution would be to block it using iptables or the like, but that is soooo not a user friendly method
#
tantek
as if htaccess is a user friendly method ?
#
tantek
it's the only method I know so I use it
#
tantek
would be great to learn about iptables etc.
#
tantek
also wondering if iptables are something a hosting provider would all you to edit etc.
#
bear
iptables is almost never available on a shared hosting setup - it manipulates the network stack directly
#
bear
but, if you have root access then you have iptables access
#
tantek
I have ssh access but not root AFAIK
#
tantek
what are iptables
#
Loqi
It looks like we don't have a page for "iptables" yet. Would you like to create it?
#
bear
girds his ...
#
bear
iptables is a tool used to manipulate rules that configure the network stack by updating the Linux kernel firewall via Netfilter modules
#
loqi.me
created /iptables (+164) "prompted by tantek and dfn added by bear"
(view diff)
#
tantek
is not going to what is the rest of the terms in that dfn to avoid testing bear's patience
#
bear
:) - give me a minute to finish this thought and go for it
#
loqi.me
created /reload (+137) "prompted by tantek and dfn added by bear"
(view diff)
#
loqi.me
created /restart (+132) "prompted by tantek and dfn added by bear"
(view diff)
#
bear.im
edited /reload (+33) "add see-also"
(view diff)
#
bear.im
edited /restart (+33) "add see-also"
(view diff)
KartikPrabhu and miklb joined the channel
#
www.svenknebel.de
edited /User:Www.svenknebel.de (+334) "general update"
(view diff)
#
loqi.me
created /photo_metadata (+27) "prompted by sknebel and dfn added by sknebel"
(view diff)
#
sknebel
Could someone who just looked up the EXIF rotation issue write a sentence or two about this on /image_metadata and/or /EXIF?
tantek joined the channel
#
loqi.me
edited /image_metadata (+35) "Zegnat added "http://metadataworkinggroup.org/" to "See Also""
(view diff)
miklb joined the channel
#
GWG
Afternoon
leg, gRegorLove, [dgold] and KevinMarks joined the channel
#
loqi.me
created /Google_Meet (+110) "prompted by gRegorLove and dfn added by gRegorLove"
(view diff)
#
loqi.me
created /Hangouts_Chat (+131) "prompted by gRegorLove and dfn added by gRegorLove"
(view diff)
#
gRegorLove
Hangouts << [[Google Meet]]
#
loqi.me
edited /Hangouts (+18) "gRegorLove added "[[Google Meet]]" to "See Also""
(view diff)
#
Loqi
ok, I added "[[Google Meet]]" to the "See Also" section of /Hangouts
#
loqi.me
edited /Hangouts (+20) "gRegorLove added "[[Hangouts Chat]]" to "See Also""
(view diff)
#
Loqi
ok, I added "[[Hangouts Chat]]" to the "See Also" section of /Hangouts
#
gregorlove.com
edited /Hangouts_Chat (+138) "links, see also"
(view diff)
#
gregorlove.com
edited /Google_Meet (+69) "link dfn, see also"
(view diff)
#
gregorlove.com
edited /Google (+113) "+messaging services section"
(view diff)
#
gRegorLove
Phew. That's at least 5 current Google messaging services
#
tantek
The FB Messenger team must be laughing at them
#
gRegorLove
Think they'll have to pull of something really amazing to successfully take on Slack
#
gRegorLove
*off something
#
tantek
True. Slack has taken over business/group messaging, while Messenger has done the same for personal. Over the past year I saw many former gtalk/Hangouts using friends switch (and be more available on) FB Messenger
#
sknebel
Slack seemed more worried by Microsoft Teams, but I haven't seen that in the wild yet
#
tantek
I did keep filing bugs against Hangouts in the hopes that Google would improve it, but I don't know if anything I reported ever got fixed.
#
tantek
e.g. handling gtalk: URLs or make a new URL scheme to handle etc.
#
tantek
performance problems
#
gRegorLove
Interesting. I might be an anomaly in that I've avoided FB Messenger as much as possible.
#
tantek
gRegorLove: lots of people do. I'm just saying that the gtalk folks have largely switched over
#
sknebel
(when MS Teams was announced they took out a full-page ad in some major newspaper which didn't seem like very confident messaging to me: https://twitter.com/stewart/status/793811616760496128/photo/1 )
#
@stewart
That feeling when you think "we should buy a full page in the Times and publish an open letter," and then you do. ? https://pbs.twimg.com/media/CwQvc_RWEAAaeCC.jpg
(twitter.com/_/status/793811616760496128)
#
tantek
folks I knew that used to stick stubbornly to gtalk
#
gRegorLove
Yeah, I'm a gtalk folk
#
tantek
nah, you're IRC ;)
#
gRegorLove
Well, true, IRC definitely gets more volume for me now. But I'm still on Hangouts :)
#
tantek
I mean, so am I, but now Hangouts's primary use-case for me is free US phone calls over wifi
#
gRegorLove
Cool. Does that use your Google Voice number?
#
tantek
hah no number needed
#
aaronpk
if you have a google voice number on the account then it does use it as the outgoing caller ID
#
gRegorLove
Oh, so you can't get incoming calls? Feature :)
#
tantek
bingo
#
aaronpk
what shows up as the caller ID when you don't have a google voice number?
#
tantek
well aaronpk, what do you see?
#
aaronpk
"unknown caller"
#
tantek
there you :)
#
aaronpk
interesting that google didn't do something fancy with that because it was ringing my hangouts app
#
aaronpk
they could have shown me that your google account was calling
#
tantek
lots of "they could haves" when it comes to Google and comms
#
Zegnat
Maybe they do fancy things if you send a text message, if it supports that? I believe Skype shows your Skype username as sender on text messages.
KartikPrabhu, [cleverdevil] and KevinMarks joined the channel
KartikPrabhu and tantek joined the channel