#dev 2017-08-02

2017-08-02 UTC
KevinMarks_, leg, [kevinmarks], https_GK1wmSU, KevinMarks, j12t_, gRegorLove, [jeremycherfas] and cweiske joined the channel
# 05:39 
TheGillies Finally got this freaking webmention to show up how I want
# 05:48 
TheGillies [kevinmarks]: wow that's really cool
# 05:48 
TheGillies the kinda thing that only comes about out of nescessity
barpthewire joined the channel
# 08:00 
@NewsAsterisk Hola everyone! Interested in learning more about #webmentions? Here is all you want to know! #asterisknews ? #devs https://allinthehead.com/retro/378/implementing-webmentions (twitter.com/_/status/892654531514949632)
# 08:12 
Zegnat jeremycherfas, eli_oat, glad you both found my advice helpful :)
tantek_ and KevinMarks joined the channel
# 08:41 
petermolnar I'm looking at the follow up of that mastodon ddos tweet: https://twitter.com/mulander/status/874370124932943874
# 08:41 
@mulander Very creepy @WhatsApp, someone was apparently typing in an URL and WhatsApp was fetching it off my server char-by-char https://pbs.twimg.com/media/DCJi5tWXYAE6QI8.jpg (twitter.com/_/status/874370124932943874)
# 08:41 
petermolnar I'm fairly certain fail2ban would block whatsapp from my side and it would be completely valid
# 08:43 
cweiske fail2ban bans clients that fetch 404 pages?
# 08:43 
cweiske *your
# 08:43 
petermolnar I used to, if they are hitting too many 404s within a certain timeframe
# 08:43 
petermolnar maybe not right now
# 08:44 
petermolnar human wouldn't do that in theory, would they?
# 08:44 
petermolnar apparently they would
# 08:44 
petermolnar though not intentionally
# 08:44 
petermolnar ohohoh: https://twitter.com/dr4ys3n/status/874725257722179584
# 08:44 
@dr4ys3n @mulander @fenkt @WhatsApp Just set up a php page with the following code: <?php header("Location: data:text/plain,hello"); ?> That will crash whatsapp on your iPhone (twitter.com/_/status/874725257722179584)
# 08:45 
Zegnat Wait. Why is WhatsApp fetching 404s?
# 08:45 
petermolnar it looks up the url char by char
# 08:46 
petermolnar see https://pbs.twimg.com/media/DCJi5tWXYAE6QI8.jpg
# 08:46 
petermolnar though the thread is a month old
# 08:46 
cweiske whatsapp shows instant previews of URLs typed int othe message field
# 08:46 
petermolnar don't know if it's still the case
# 08:47 
petermolnar there should be a cooldown seconds or milliseconds after a char typed to actually look that url up
# 08:47 
petermolnar this is mad
# 08:47 
cweiske telegram waits a second until it tries
# 08:47 
petermolnar which makes sense
# 08:47 
petermolnar still a bit invasive though
# 08:47 
Zegnat We could test easy enough. Happen to have your logs open, petermolnar? ;)
# 08:47 
petermolnar although /me is using telegram via bitlbee
# 08:48 
petermolnar one sec
# 08:48 
petermolnar go
# 08:49 
petermolnar yep
# 08:49 
Zegnat Seriously?!
# 08:50 
Zegnat As WhatsApp user nothing in the UI suggests it is doing background fetching
# 08:50 
petermolnar https://petermolnar.net/tmp/Screenshot_2017-08-02_09-49-47.png
# 08:51 
cweiske chatting without clicking "send"
# 08:51 
cweiske that's awesome!
# 08:51 
petermolnar :D
# 08:51 
cweiske nearly as cool as chatting via SEPA bank transfer messages
# 08:52 
petermolnar logwatch -> push messages to phone
# 08:52 
Zegnat does select all + backspace so peter doesn’t get all the requests again in reverse
# 08:52 
petermolnar not really a problem, nginx is fast
# 08:52 
petermolnar but this is clearly a ddos vector
# 08:53 
petermolnar Zegnat can I try crashing it?
# 08:53 
petermolnar with that php
# 08:53 
Zegnat Yes
# 08:53 
Zegnat exits all other apps
# 08:53 
Zegnat Just tell me where to go
# 08:55 
petermolnar try
# 08:55 
petermolnar just try typing again
# 08:55 
Zegnat not while typing. Maybe if I sent
# 08:55 
Zegnat (sorry sebsel you are my testing person today)
# 08:55 
Zegnat Nothing. No link preview either
# 08:56 
Zegnat Oh, crap, did I miss the httpS? That might have invalidated it
# 08:57 
petermolnar no, it seems to be ok
# 08:57 
Zegnat No crashes. At least they fixed that
# 08:57 
Zegnat “ERR_UNSAFE_REDIRECT” when I try to open it in Chrome for Android
# 08:57 
Zegnat Apparently redirects to data URLs are a no-no
# 08:58 
petermolnar right, but if you do this to an uncached wordpress from a lot of clients within a short time that can end bad
# 08:58 
petermolnar wp does a lot of magic trying to figure out where you actually wanted to go
# 08:58 
petermolnar unlike my site
# 08:59 
loqi.me edited /Mastodon (+107) "tantek_ added "2017-08-01 [https://medium.com/@Gargron/m-for-mastodon-4269c0bf6c8b M for Mastodon: A new logo and v1.5]" to "See Also"" (view diff)
j12t joined the channel
# 09:15 
@antistatique #Webmentions to help decentralising the web again﹣How and why Implementing this W3C recommendation https://allinthehead.com/retro/378/implementing-webmentions (twitter.com/_/status/892674007539077120)
[tantek] joined the channel
# 09:36 
sebsel saw Zegnat's Whatsapp messages and is surprised by what was being tested
# 09:37 
sebsel The iOS version does it too, and even the web client, but the web client has some delay: https://seblog.nl/temp/media-endpoint/a57d6a-web-client.jpg
# 09:37 
sebsel It still does a GET for every keystroke, but based on the current typed URL, after the delay.
j12t, KevinMarks, jeremycherfas, [kevinmarks] and Defenestrate joined the channel
# 11:58 
[kevinmarks] https://twitter.com/kevinmarks/status/892700776006639618
# 11:58 
@kevinmarks Is this the kind of metadata that @sherylsandberg is promising to give @AmberRuddHR in those "complicated" meetings? #ownyourdata QT [@mulander] Very creepy @WhatsApp, someone was apparently typing in an URL and WhatsApp was fetching it off my server char-by-char https://pbs.twimg.com/media/DCJi5tWXYAE6QI8.jpg (twitter.com/_/status/892700776006639618)
j12t and jeremycherfas joined the channel
# 12:56 
vanderven.se martijn edited /Do_Not_Track (+363) "Reddit is dropping DNT support." (view diff)
# 13:00 
@rolle ronilaukkarinen starred pfefferle/wordpress-webmention https://github.com/pfefferle/wordpress-webmention #github (twitter.com/_/status/892731536000389120)
tantek_, [kevinmarks], KevinMarks, j12t, KevinMarks_, singpolyma, eli_oat and [miklb] joined the channel
# 16:25 
tantek.com edited /peername (+67) "linky linky, see also" (view diff)
# 16:26 
tantek.com edited /namecoin (+73) "linky linky, see also" (view diff)
# 16:27 
tantek.com edited /blockchain (+252) "upgrade original snarkinition with a tweeted definition, cite source" (view diff)
tantek_, j12t, barpthewire, jeremycherfas_ and KevinMarks joined the channel
# 17:55 
snarfed.org edited /blockchain (+328) "another definition" (view diff)
# 17:56 
sknebel snarfed++
# 17:56 
Loqi snarfed has 8 karma in this channel (293 overall)
KevinMarks, arush, [cleverdevil], [kevinmarks], gRegorLove, [colinwalker], https_GK1wmSU and [chrisaldrich] joined the channel