#dev 2017-07-07

2017-07-07 UTC
tantek joined the channel
# 00:02 
tantek also this is now making me think a convention for jf2 + template -> mf2 would be really handy
# 00:02 
tantek so services would not have to hardcode the HTML they return, but rather could allow the client to provide a template to fill-in with the info from the jf2
# 00:03 
tantek basically a new HTML-based (obv) template syntax for jf2 -> mf2
Kai1 and eli_oat joined the channel
# 00:29 
ben_thatmustbeme Sounds like tantek is getting dangerously close to xslt
# 00:30 
ben_thatmustbeme Re: templates for jf2 -> mf2
# 00:30 
ben_thatmustbeme Hehe
tantek joined the channel
# 00:51 
ben_thatmustbeme waits for tantek to see the logs
snarfed, tantek and j12t joined the channel
# 01:17 
tantek lol no way
# 01:18 
tantek h2vx already has enough xslt tech debt
j12t_ joined the channel
# 01:19 
tantek thinking more along the lines of: 1) research/analyze the most usable template formats out there (e.g. anything from MediaWiki to what's on /template ), 2) brainstorm a template format in HTML, you might even say, a template microformat
# 01:19 
tantek based on said research obv
# 01:19 
tantek no desire to replicate the nearly unreadable madness of xslt
j12t__, j12t___, j12t, davidmead, snarfed, billbennettnz, prtksxna, prtksxna_ and [miklb] joined the channel
# 03:44 
[miklb] !tell manton I tried disabling/blocking xmlrpc in WP but no dice on bypassing it and using micropub.
# 03:44 
Loqi Ok, I'll tell them that when I see them next
prtksxna and tantek joined the channel
# 04:54 
www.boffosocko.com created /Indieweb_for_Journalism (+10348) "stub with definition, sketch, examples, resources" (view diff)
sebsel, gRegorLove, AngeloGladding, tantek, barpthewire, petermolnar, cweiske and [pfefferle] joined the channel
# 07:21 
[pfefferle] good morning
# 07:22 
Loqi guten morgen
prtksxna joined the channel
# 09:57 
Zegnat We were talking about different attack vectors in #indieweb-chat yesterday, and wanted to put this out there (logged) for people: a (g)zip bomb will not kill your server if you use PHP’s file_get_contents, it only fetches plain text. Most XML attacks will also not work against PHP’s DOMDocument XML parsing, though you may want to make sure not to e
# 09:57 
Zegnat nable the LIBXML_NOENT flag.
# 10:01 
Zegnat Some interesting stuff re XML: https://stackoverflow.com/questions/10212752/how-can-i-use-phps-various-xml-libraries-to-get-dom-like-functionality-and-avoi
# 10:12 
cweiske xml attacks.. /me remembers https://bugzilla.gnome.org/show_bug.cgi?id=554660
# 10:16 
Zegnat A lot of so called “HTML parsers” are actually based on libxml or other XML parsers. Like PHP’s DOMDocument. So we were wondering how many attacks our webmention endpoints were being vulnerable to ;)
kants, jjuran and [kevinmarks] joined the channel
# 11:11 
[kevinmarks] if you're thinking about templates, the hard part is repeated elements.
# 11:11 
[kevinmarks] what Lea did with Mavo is interesting https://www.smashingmagazine.com/2017/05/introducing-mavo/
davidmead, ben_thatmustbeme, raucao and barpthewire joined the channel
# 12:50 
jonnybarnes hello
barpthewire, [kevinmarks] and [davidmead] joined the channel
# 13:01 
[davidmead] snarfed: karma++
# 13:02 
cweiske what is karma?
# 13:02 
Loqi It looks like we don't have a page for "karma" yet. Would you like to create it?
# 13:02 
[davidmead] snarfed++ for brid.gy issue ?
# 13:02 
Loqi snarfed has 5 karma in this channel (287 overall)
# 13:03 
[davidmead] gRegorLove+ for brid.gy issue
# 13:04 
[davidmead] gRegorLove++ for brid.gy issue
# 13:04 
Loqi gregorlove has 32 karma in this channel (170 overall)
# 13:04 
[davidmead] ugh. typos in the morning
eli_oat and eli_oat1 joined the channel
# 13:20 
Zegnat [kevinmarks], re: http://www.lifewithalacrity.com/, that CSS does not load local Tufte fonts? That is too bad. I have the font installed, but block webfonts in my browser. It could have shown me the correct font but now it doesn’t because it has no local fallback set :(
# 13:37 
[kevinmarks] hm. how would I change that?
# 13:43 
calumryan.com edited /Main_Page (-31) "/* Upcoming Homebrew Website Club meetups */ Update next to July 12th" (view diff)
# 13:58 
srikanthperinkulam.com edited /Indieweb_for_Journalism (+133) (view diff)
snarfed, [miklb], dougbeal|mb1, eli_oat, [pfefferle], [davidmead], Loqi, prtksxna, tbbrown, cweiske and [aaronpk] joined the channel
# 16:00 
@rubygems jekyll-webmention_io (2.5.0): This Gem includes a suite of tools for managing webmentions in Jekyll: * Tags -… https://rubygems.org/gems/jekyll-webmention_io (twitter.com/_/status/883341592756711426)
[miklb] and snarfed joined the channel
# 16:40 
Zegnat Well, a diff like this is pretty useless... https://github.com/Inklings-io/selfauth/compare/data-validation
# 16:40 
Zegnat Have fun reviewing that ben_thatmustbeme, sknebel xD
snarfed joined the channel
# 16:49 
ben_thatmustbeme Zegnat, this is when vimdiff comes in handy
# 16:49 
ben_thatmustbeme it all looks logical to me
# 16:49 
ben_thatmustbeme haven't tested it yet
# 16:49 
Zegnat aaronpk is there such a thing as a “full IndieAuth spec”? Instead of /indieauth-for-login, /authorization-endpoint, /token-endpoint, and /obtaining-an-access-token?
# 16:49 
ben_thatmustbeme i'm assuming you have
# 16:49 
Zegnat Yes. I am already running this code live. With a very small adjustment that makes the verification default to form rather than json output
# 16:50 
Zegnat Not ready for merge yet, therefor no PR.
# 16:50 
Zegnat It currently accepts scope on id, I don’t think that is right but I am also not sure. Need to read more spec
# 16:52 
Zegnat Should we apply some style guide? PSR / PEAR? This might be the PR to do it in, as this already touches most LoC anyway.
[kevinmarks] and [chrisaldrich] joined the channel
# 17:40 
gregorlove.com edited /User:Gregorlove.com (+20) "Loqi, are you back?" (view diff)
# 17:40 
gRegorLove woot!
# 17:40 
Loqi ?
# 17:43 
gregorlove.com created /micropub.rocks (+28) "r" (view diff)
# 17:59 
gregorlove.com moved /indiewebify to /Indiewebify.me "canonical name"
[miklb], [cleverdevil], tantek, snarfed, [davidmead] and [kevinmarks] joined the channel
# 20:33 
Zegnat Is there anything like a babies-first-VPS out there? E.g. where the box is secure and has a proper server config from the start, but would allow me to install libsodium, pick my own PHP version, run some daemons that sort of stuff?
# 20:37 
sknebel Good evening Zegnat
# 20:37 
Zegnat Hi sknebel :)
snarfed joined the channel
# 20:39 
sknebel There is a bunch of scripts and guides, not sure if there is something prepared. But really, as long as you run only basics there is good documentation. (Set up firewall, proper SSH config, automatic updates (or not) takes care of a lot
# 20:43 
Zegnat I kinda don’t want to have to worry about proper firewall and ssh configs.
# 20:51 
Zegnat Maybe I should look for deployment-ready-images
tantek joined the channel
# 21:00 
gregorlove.com edited /import (+124) "dfn" (view diff)
# 21:00 
gRegorLove export << import
# 21:00 
Loqi ok, I added "[[import]]" to the "See Also" section of /export
# 21:00 
loqi.me edited /export (+13) "gRegorLove added "[[import]]" to "See Also"" (view diff)
# 21:00 
gRegorLove import << data-portability
# 21:00 
Loqi ok, I added "[[data-portability]]" to the "See Also" section of /import
# 21:00 
loqi.me edited /import (+23) "gRegorLove added "[[data-portability]]" to "See Also"" (view diff)
snarfed joined the channel
# 21:10 
snarfed Zegnat: consider shared hosting? you can install and run arbitrary binaries, and usually daemons, but they have root and own sysadmin stuff. the servers are also often security-focused OSes like FreeBSD/NetBSD
# 21:10 
snarfed e.g. my web site is on a shared account on https://www.pair.com/ with that setup
[johnhenry] and [miklb] joined the channel
# 21:15 
[miklb] Zegnat, checkout Digital Ocean. They have some one click installers, and just added a this https://www.digitalocean.com/community/tutorials/an-introduction-to-digitalocean-cloud-firewalls
# 21:15 
@WendyandCharles ReadersGazette: BLOG Indie Author Answers by Jim Heskett http://www.thejugglingauthor.com/indieauth/ Get help writing your book #bookbloggers 64 (twitter.com/_/status/883128096177737728)
# 21:15 
gRegorLove We use pair for our client sites too; it's always been pretty good
# 21:17 
Zegnat I am on a shared with ssh access, at uberspace, but I can’t actually get at the server settings at all as far as I have seen
# 21:18 
Zegnat How much customising does pair allow?
# 21:18 
Zegnat reads DigitalOcean thing
# 21:19 
[miklb] DO usually has some promo codes to get a free month or two to test it out with.
# 21:23 
[miklb] oh, yeah, a referral link will give you $10 credit. I’m sure no shortage of people here that can provide one.
# 21:26 
Zegnat I don’t think I understand DigitalOcean’s products page, haha
# 21:26 
Loqi hehe
# 21:26 
Zegnat Apparently I need to retire for the night
# 21:28 
[miklb] I have no vested interest in them other than it’s convenient for a few things. I do like that you can add your public key to your account so when you spin up an instance it will add it so you can easily ssh to get started. The few one-click installers I’ve tested are solid.
# 21:30 
[miklb] My experience learning was getting a cheap VPS and breaking stuff, destroying and starting over until I felt comfortable enough to move my site.
# 21:31 
sknebel Zegnat: at least picking PHP version and installing your own PHP modules should be suported on uberspace by their tooling
# 21:32 
Zegnat modules too? Maybe I missed that somewhere
# 21:32 
sknebel (and maybe even be possible totally around them, since you can install all kind of custom services, and said service could of course be a php interpreter
# 21:34 
sknebel I thought there was something to install at least stuff from PECL
# 21:34 
Zegnat There are a few things I am finding annoying. My connection with my bouncer dies randomly from time to time, stating something about the service being unreachable. Sometimes get server reboots without communication.
# 21:34 
Zegnat It runs my current site pretty well, and their pay-what-you-want lets you experiment, but I am just not sure they are still what I want
# 21:35 
sknebel ok
# 21:40 
Zegnat I wouldn’t mind getting a little more control over what is being run, in trade for a little more cash. Just not sure if I trust myself with all the fiddly bits
tantek and snarfed joined the channel
# 21:59 
gregorlove.com edited /rsvps (+4) "link /responses" (view diff)
snarfed and tantek joined the channel
# 22:27 
www.boffosocko.com created /Beaker_Browser (+239) "stub with definition and link" (view diff)
# 22:28 
[miklb] that’s what Jim Pick was demoing at IWS, yes?
# 22:28 
gregorlove.com created /Dat (+106) "stub" (view diff)
# 22:29 
gRegorLove [miklb]: Yeah
# 22:30 
gRegorLove Beaker Browser << Dat
# 22:30 
Loqi ok, I added "[[Dat]]" to the "See Also" section of /Beaker_Browser
# 22:30 
loqi.me edited /Beaker_Browser (+10) "gRegorLove added "[[Dat]]" to "See Also"" (view diff)
# 22:31 
gRegorLove Dat << Beaker Browser
# 22:31 
loqi.me edited /Dat (+38) "/* See Also */ new section" (view diff)
# 22:31 
Loqi ok, I added "[[Beaker Browser]]" to the "See Also" section of /Dat
# 22:31 
gregorlove.com edited /Beaker_Browser (+27) "using Dat protocol" (view diff)
# 22:32 
[miklb] Zegnat has inspired me to play with the fiddly parts and get redis object cache working with WordPress on my VPS tonight.
# 22:32 
www.boffosocko.com edited /Indieweb_for_Journalism (+2162) "POSSE in journalism; Bill Bennett article" (view diff)
tbbrown and snarfed joined the channel
# 23:34 
aaronpk does the twitter API not include exact geo coordinates anymore?
AngeloGladding and snarfed joined the channel