#tantekalso this is now making me think a convention for jf2 + template -> mf2 would be really handy
#tantekso services would not have to hardcode the HTML they return, but rather could allow the client to provide a template to fill-in with the info from the jf2
#tantekbasically a new HTML-based (obv) template syntax for jf2 -> mf2
Kai1 and eli_oat joined the channel
#ben_thatmustbemeSounds like tantek is getting dangerously close to xslt
#tantekthinking more along the lines of: 1) research/analyze the most usable template formats out there (e.g. anything from MediaWiki to what's on /template ), 2) brainstorm a template format in HTML, you might even say, a template microformat
#ZegnatWe were talking about different attack vectors in #indieweb-chat yesterday, and wanted to put this out there (logged) for people: a (g)zip bomb will not kill your server if you use PHP’s file_get_contents, it only fetches plain text. Most XML attacks will also not work against PHP’s DOMDocument XML parsing, though you may want to make sure not to e
#ZegnatA lot of so called “HTML parsers” are actually based on libxml or other XML parsers. Like PHP’s DOMDocument. So we were wondering how many attacks our webmention endpoints were being vulnerable to ;)
kants, jjuran and [kevinmarks] joined the channel
#[kevinmarks]if you're thinking about templates, the hard part is repeated elements.
#Zegnat[kevinmarks], re: http://www.lifewithalacrity.com/, that CSS does not load local Tufte fonts? That is too bad. I have the font installed, but block webfonts in my browser. It could have shown me the correct font but now it doesn’t because it has no local fallback set :(
[miklb], [cleverdevil], tantek, snarfed, [davidmead] and [kevinmarks] joined the channel
#ZegnatIs there anything like a babies-first-VPS out there? E.g. where the box is secure and has a proper server config from the start, but would allow me to install libsodium, pick my own PHP version, run some daemons that sort of stuff?
#sknebelThere is a bunch of scripts and guides, not sure if there is something prepared. But really, as long as you run only basics there is good documentation. (Set up firewall, proper SSH config, automatic updates (or not) takes care of a lot
#ZegnatI kinda don’t want to have to worry about proper firewall and ssh configs.
#ZegnatMaybe I should look for deployment-ready-images
#snarfedZegnat: consider shared hosting? you can install and run arbitrary binaries, and usually daemons, but they have root and own sysadmin stuff. the servers are also often security-focused OSes like FreeBSD/NetBSD
#[miklb]I have no vested interest in them other than it’s convenient for a few things. I do like that you can add your public key to your account so when you spin up an instance it will add it so you can easily ssh to get started. The few one-click installers I’ve tested are solid.
#[miklb]My experience learning was getting a cheap VPS and breaking stuff, destroying and starting over until I felt comfortable enough to move my site.
#sknebelZegnat: at least picking PHP version and installing your own PHP modules should be suported on uberspace by their tooling
#sknebel(and maybe even be possible totally around them, since you can install all kind of custom services, and said service could of course be a php interpreter
#sknebelI thought there was something to install at least stuff from PECL
#ZegnatThere are a few things I am finding annoying. My connection with my bouncer dies randomly from time to time, stating something about the service being unreachable. Sometimes get server reboots without communication.
#ZegnatIt runs my current site pretty well, and their pay-what-you-want lets you experiment, but I am just not sure they are still what I want
#ZegnatI wouldn’t mind getting a little more control over what is being run, in trade for a little more cash. Just not sure if I trust myself with all the fiddly bits