#dev 2017-03-21

2017-03-21 UTC
[eddie] joined the channel
#
[eddie] aaronpk: I noticed in your https://aaronparecki.com/2017/03/18/14/day-88-checkins post you show some of your data file. It looks very similar to jekyll’s files. Have you ever posted about your data storage? Is it a sensitive topic? So far, my jekyll storage is horrible as I’ve been hand-coding everything. Now that I’m integrating jekyll with micropub, I’m either having to do a lot of hand-coded translations or I’m having to re-do my st
#
[eddie] micropub like how you’ve done. Curious if you have any thoughts/best practices for that?
#
Loqi [Aaron Parecki] Day 88: Checkins! #100DaysOfIndieWeb
tantek joined the channel
#
tantek wonders if he should block every IP that requests /wp-login.php
#
tantek since he has never had WP installed on his site
#
tantek what is wp-login.php
#
Loqi It looks like we don't have a page for "wp-login.php" yet. Would you like to create it?
#
tantek wp-login.php is the login page for a [[WordPress]] installation, and thus is frequently queried (whether you have WordPress installed or not) by bots and other abusive sites looking for out-of-date WordPress installations to attack via [[WordPress Security]] holes.
#
Loqi ok
#
loqi.me created /wp-login.php (+293) "prompted by tantek and dfn added by tantek" (view diff)
#
tantek it's my #1 404 by orders of magnitude
#
tantek 16,072 error hits this month alone
#
tantek also seeing a bunch of hits on various php files in a /plus/ directory
#
tantek (which I've never had)
#
tantek what is plus?
#
Loqi It looks like we don't have a page for "plus" yet. Would you like to create it?
tantek and KartikPrabhu joined the channel
#
aaronpk We've had a discussion about that before
#
aaronpk petermolnar shared a script to automatically block anything that requests wp-login.php using fail2ban
#
aaronpk I've been running it for a few weeks now
#
KartikPrabhu aaronpk: I just noticed that the logs link to people's profiles, but there is no visual indicator that it is a link. Maybe underlining on hover is good (?)
#
KartikPrabhu profiles I mean website
#
tantek what is fail2ban
#
Loqi fail2ban is a utility that bans logins from IP addresses that show signs of malicious activity (like many failed login attempts) https://indieweb.org/fail2ban
#
tantek hmm this is odd, I'm seeing an IP in my logs even though I've blocked them in .htaccess
#
tantek double-checked to make sure the numbers are right too
miklb joined the channel
#
tantek oh boy, the #4 in bandwidth, and #5 in hits IP address that is hitting my site is pin13.net ?
#
tantek I'm assuming that's due to IRC logs being crawled and reindexed by search engines which are then crawling the pin13.net URLs, which is then causing an HTTP request to my site
#
tantek !tell aaronpk could you setup a http://pin13.net/robots.txt (currently 404 ?) that tells robots not to request links there? at least on the mf2 parser? noindex I think?
#
Loqi Ok, I'll tell them that when I see them next
cweiske and barpthewire joined the channel
#
Zegnat !tell aaronpk maybe add a robots.txt to xray.p3k.io as well, when you are at it?
#
Loqi Ok, I'll tell them that when I see them next
KevinMarks and KartikPrabhu joined the channel
#
aaronpk good idea
#
Loqi aaronpk: tantek left you a message 9 hours, 15 minutes ago: could you setup a http://pin13.net/robots.txt (currently 404 ?) that tells robots not to request links there? at least on the mf2 parser? noindex I think?
#
Loqi aaronpk: Zegnat left you a message 4 hours, 51 minutes ago: maybe add a robots.txt to xray.p3k.io as well, when you are at it?
#
aaronpk done
leg joined the channel
#
aaronpk i keep finding more certificates issued by startcom on my various domains
#
martymcguire[m] aaronpk: sorry to bug you but i'm having trouble using the IndieAuth email verification code method. IndieAuth says the email sent, but I'm not receiving it.
#
aaronpk Hm let me take a look at the logs
#
aaronpk did you check your spam filter?
#
martymcguire[m] checked spam folder, currently empty.
tantek joined the channel
#
aaronpk Can you pm me the email address you entered?
#
martymcguire[m] one sec while i figure out how to do PM from matrix => IRC user
#
aaronpk heh
#
aaronpk 550 5.1.1 <***@***.***>: Recipient address rejected: User unknown"
#
martymcguire[m] haha, is that a literal ***@***.***?
#
Loqi nice
#
aaronpk no
#
petermolnar oh, I love that idea
#
petermolnar *@petermolnar.eu
#
petermolnar as main email address
#
aaronparecki.com edited /wiki/backup (+150) "remove btsync" (view diff)
#
tantek martymcguire[m]: have you had a chance to run Screech through the micropub.rocks client tests and resubmit a report that way?
#
martymcguire[m] tantek: i ran through the tests and updated the report but apparently did not submit the PR! looking for that now.
#
tantek martymcguire[m]: that woudl be great!
#
martymcguire[m] PR submitted. i remember now why i held off on re-submitting: screech cannot pass the multipart file upload test on micropub.rocks because screech doesn't support `photo`, only `audio`.
#
aaronpk aha!
#
aaronpk yeah i had this challenge in a few places with the tests
#
aaronpk whether to restrict the vocabulary the test accepts
#
martymcguire[m] it is a totally reasonable decision. and i *do* plan on adding `photo` support to screech for episode posters.
#
aaronpk actually, since the spec explicitly mentions "photo" "video" and "audio" i should just make micropub.rocks accept any of those
#
martymcguire[m] but i don't have an immediate use-case for audio+photo on the sites where i publish audio right now, so i am procrastinating on adding the feature.
#
aaronpk martymcguire[m]: i got a 500 error trying to sign in to screech, can you check it out?
#
martymcguire[m] looking now
#
aaronpk it's probably partly my fault because i was using my dev copy of micropub.rocks, but still it shouldn't have 500'd
#
martymcguire[m] well this is awkward. i don't see a 500 in my logs. :[
#
aaronpk hmmmm
#
martymcguire[m] oh wait, i see the 500 but no related error logging
#
martymcguire[m] currently looks like it happened in flask-micropub code callback handler
#
martymcguire[m] not immediately sure how to set up a test case to reproduce. i see that you logged in successfully soon after. did something change between those attempts that you know of?
#
aaronpk yeah, i changed the site's base URL from micropubrocks.dev to one with public DNS
#
aaronpk i'm guessing on the callback, your site tried to find the token endpoint and got micropubrocks.dev instead of a real DNS name
#
aaronpk so it should error out, but shouldn't crash like that
#
martymcguire[m] that is helpful, thanks!
#
aaronpk excellent: https://media.aaronpk.com/Screen-Shot-2017-03-21-09-32-13.png
#
martymcguire[m] wahoo!
#
aaronpk now i just gotta do the same for the JSON version
#
loqi.me created /.ovh (+79) "prompted by tantek and dfn added by sknebel" (view diff)
#
tantek.com edited /bandwidth (+423) "split troubleshooting into subsections, note blacklist IP checking tool" (view diff)
#
www.svenknebel.de created /OVH (+90) "Created page with "{{stub}} '''<dfn>[https://www.ovh.com OVH]</dfn>''' is a large European hosting provider."" (view diff)
#
tantek aaronpk - glad to see this is improving the test suite too!
#
aaronpk indeed
#
martymcguire[m] yeah, thanks! should i update my implementation report PR to note that screech passes #300 on the updated test? :}
#
aaronpk yeah! or you can wait for me to deploy this if you want to see it yourself
loicm and [cleverdevil] joined the channel
#
aaronpk martymcguire[m]: alright, deployed!
#
tantek aaronpk++
#
Loqi aaronpk has 38 karma in this channel (1247 overall)
#
martymcguire[m] aaronpk++ great! I'll test it now.
#
Loqi aaronpk has 39 karma in this channel (1248 overall)
#
aaronpk i'm counting that as today's project
#
loqi.me created /PUE (+70) "prompted by petermolnar and dfn added by bear" (view diff)
#
aaronpk lol how big is that file
#
aaronpk i'm caching the files in Redis, i hope that works
#
martymcguire[m] a few megs. it's the latest TWIIW audio edition :]
#
aaronpk does it play back in the previewer?
#
martymcguire[m] it does!
#
aaronpk nice
#
martymcguire[m] ok, PR should be good to go now: https://github.com/w3c/Micropub/pull/82
#
aaronpk hooray
#
martymcguire[m] thanks for the nudge, tantek, and thanks for all the help aaronpk !
#
loqi.me created /bots (+19) "prompted by tantek and dfn added by tantek" (view diff)
#
tantek.com edited /bandwidth (+1826) "/* Look for IPs bots files */ dealing with IPs, bots, files" (view diff)
#
tantek bear, major update/braindump to https://indieweb.org/bandwidth#Look_for_IPs_bots_files (including methods I use) - would like your review and contributions! thanks!
#
bear :eyes:
#
tantek this is good because you get to see my semi-technical but non-professional-sysadmin perspective and hopefully we write these docs for at least that level of audience
#
bear yes, that is the voice I'm reading things
#
bear tantek++ on no-ops centric docs
#
Loqi tantek has 5 karma in this channel (323 overall)
#
bear the biggest concern I have is that the htaccess method still requires the web server to handle the request and then reject it -- a better solution would be to block it using iptables or the like, but that is soooo not a user friendly method
#
tantek as if htaccess is a user friendly method ?
#
tantek it's the only method I know so I use it
#
tantek would be great to learn about iptables etc.
#
tantek also wondering if iptables are something a hosting provider would all you to edit etc.
#
bear iptables is almost never available on a shared hosting setup - it manipulates the network stack directly
#
bear but, if you have root access then you have iptables access
#
tantek I have ssh access but not root AFAIK
#
tantek what are iptables
#
Loqi It looks like we don't have a page for "iptables" yet. Would you like to create it?
#
bear girds his ...
#
bear iptables is a tool used to manipulate rules that configure the network stack by updating the Linux kernel firewall via Netfilter modules
#
Loqi ok
#
loqi.me created /iptables (+164) "prompted by tantek and dfn added by bear" (view diff)
#
tantek whoa
#
tantek is not going to what is the rest of the terms in that dfn to avoid testing bear's patience
#
bear :) - give me a minute to finish this thought and go for it
#
loqi.me created /reload (+137) "prompted by tantek and dfn added by bear" (view diff)
#
loqi.me created /restart (+132) "prompted by tantek and dfn added by bear" (view diff)
#
bear.im edited /iptables (+102) (view diff)
#
bear.im edited /reload (+33) "add see-also" (view diff)
#
bear.im edited /restart (+33) "add see-also" (view diff)
KartikPrabhu and miklb joined the channel
#
www.svenknebel.de edited /User:Www.svenknebel.de (+334) "general update" (view diff)
#
loqi.me created /photo_metadata (+27) "prompted by sknebel and dfn added by sknebel" (view diff)
#
sknebel Could someone who just looked up the EXIF rotation issue write a sentence or two about this on /image_metadata and/or /EXIF?
tantek joined the channel
#
loqi.me edited /image_metadata (+35) "Zegnat added "http://metadataworkinggroup.org/" to "See Also"" (view diff)
miklb joined the channel
#
GWG Afternoon
#
@ChrisAldrich @pfefferle Webmentions plugin feedback: http://stream.boffosocko.com/2017/kartik_prabhu-webmentions-to-things-other-than-posts-pages-archives-etc-in#comments (twitter.com/_/status/844275169677881345)
leg, gRegorLove, [dgold] and KevinMarks joined the channel
#
loqi.me created /Google_Meet (+110) "prompted by gRegorLove and dfn added by gRegorLove" (view diff)
#
loqi.me created /Hangouts_Chat (+131) "prompted by gRegorLove and dfn added by gRegorLove" (view diff)
#
gRegorLove Hangouts << [[Google Meet]]
#
loqi.me edited /Hangouts (+18) "gRegorLove added "[[Google Meet]]" to "See Also"" (view diff)
#
Loqi ok, I added "[[Google Meet]]" to the "See Also" section of /Hangouts
#
gRegorLove Hangouts << [[Hangouts Chat]]
#
loqi.me edited /Hangouts (+20) "gRegorLove added "[[Hangouts Chat]]" to "See Also"" (view diff)
#
Loqi ok, I added "[[Hangouts Chat]]" to the "See Also" section of /Hangouts
#
gregorlove.com edited /Hangouts_Chat (+138) "links, see also" (view diff)
#
gregorlove.com edited /Google_Meet (+69) "link dfn, see also" (view diff)
#
gregorlove.com edited /Google (+113) "+messaging services section" (view diff)
#
gRegorLove Phew. That's at least 5 current Google messaging services
#
tantek The FB Messenger team must be laughing at them
#
gRegorLove Think they'll have to pull of something really amazing to successfully take on Slack
#
gRegorLove *off something
#
tantek True. Slack has taken over business/group messaging, while Messenger has done the same for personal. Over the past year I saw many former gtalk/Hangouts using friends switch (and be more available on) FB Messenger
#
sknebel Slack seemed more worried by Microsoft Teams, but I haven't seen that in the wild yet
#
tantek I did keep filing bugs against Hangouts in the hopes that Google would improve it, but I don't know if anything I reported ever got fixed.
#
tantek e.g. handling gtalk: URLs or make a new URL scheme to handle etc.
#
tantek performance problems
#
gRegorLove Interesting. I might be an anomaly in that I've avoided FB Messenger as much as possible.
#
tantek gRegorLove: lots of people do. I'm just saying that the gtalk folks have largely switched over
#
sknebel (when MS Teams was announced they took out a full-page ad in some major newspaper which didn't seem like very confident messaging to me: https://twitter.com/stewart/status/793811616760496128/photo/1 )
#
@stewart That feeling when you think "we should buy a full page in the Times and publish an open letter," and then you do. ? https://pbs.twimg.com/media/CwQvc_RWEAAaeCC.jpg (twitter.com/_/status/793811616760496128)
#
tantek folks I knew that used to stick stubbornly to gtalk
#
gRegorLove Yeah, I'm a gtalk folk
#
tantek nah, you're IRC ;)
#
gRegorLove Well, true, IRC definitely gets more volume for me now. But I'm still on Hangouts :)
#
gregorlove.com created /Google_Alerts (+161) "stub" (view diff)
#
tantek I mean, so am I, but now Hangouts's primary use-case for me is free US phone calls over wifi
#
gRegorLove Cool. Does that use your Google Voice number?
#
tantek hah no number needed
#
aaronpk if you have a google voice number on the account then it does use it as the outgoing caller ID
#
gRegorLove Oh, so you can't get incoming calls? Feature :)
#
tantek bingo
#
aaronpk what shows up as the caller ID when you don't have a google voice number?
#
tantek well aaronpk, what do you see?
#
aaronpk "unknown caller"
#
tantek there you :)
#
aaronpk interesting that google didn't do something fancy with that because it was ringing my hangouts app
#
aaronpk they could have shown me that your google account was calling
#
tantek lots of "they could haves" when it comes to Google and comms
#
aaronpk heh
#
Zegnat Maybe they do fancy things if you send a text message, if it supports that? I believe Skype shows your Skype username as sender on text messages.
KartikPrabhu, [cleverdevil] and KevinMarks joined the channel
#
tantek.com edited /events/2017-03-22-homebrew-website-club (+1) "/* RSVP */ SF URLs" (view diff)
KartikPrabhu and tantek joined the channel