#dev 2017-08-20

2017-08-20 UTC
KartikPrabhu, [miklb], snarfed, tantek, cweiske, jeremycherfas, [kevinmarks] and [renem] joined the channel
#
[renem] Hi Dev-Channel (I hope it's the right channel for that type of question). I'm in search of a way to automate sending Webmentions to links in Blog-posts I publish with Hugo, as static site genertor. Has anyone done it that way or could provide a starting point?
#
[renem] I thought about a way to scan the freshly generated blog post for links, test for a webmention endpoint and when found, ping it. However I won't do that for all posts every time I generated the blog pages again, which Hugo does.
#
sebsel what is static?
#
Loqi A static site is a website that is served by a web server directly from the file system https://indieweb.org/static
#
sebsel There are two options on that page :)
#
[renem] sebsel I want to automate it, the receiving is implemented on my blog. As far as I understood Telegraph, I've to open the site, paste the link to my new blog post and it will then do what I want. However, I searched for a way to automate this "open the site, paste the url" thing.
#
sebsel There must be a way to do that!
#
seblog.nl moved /hugo to /Hugo "names with capital"
#
[renem] I thought about some "caching" of generated html sites that were processed in the past. Maybe with some help of GULP, but haven't done it yet and search maybe for a easier/better way.
#
sebsel I remember someone who sent mentions to me over and over again, because of rebuild, and he solved it, but I can't remember who it was.
#
[renem] That's exactly what I search for, to prevent the sending again and again.
#
sebsel If you find something, please update the Hugo and/or static site pages to include a pointer for future people :)
#
sknebel for jekyll there is https://github.com/aarongustafson/jekyll-webmention_io#commands
#
Loqi [aarongustafson] jekyll-webmention_io: A Jekyll Plugin for rendering Webmentions via Webmention.io
#
sknebel but I'm sure there's more, but can't find code examples either - might be worth googling or searching the sites of people listed as using something
#
sknebel from what I've heard, the biggest "problem" has been that the page needs to be published before webmentions are sent, and that doesn't fit all that well in the typical CI build workflow many use
#
sknebel (where your build runs, finishes, and then the result is uploaded - and *then* you have to start sending webmentions)
#
Zegnat wouldn’t be surprised if voxpelli had a thing for this
#
voxpelli is slowly working on it – still think something along the lines of https://github.com/aaronpk/Telegraph/issues/13 would be the way I want go
#
Loqi [voxpelli] #13 Ping stuff from a feed
#
Zegnat I think I have conditioned to ping you whenever static site stuff comes up these days, voxpelli ;)
#
voxpelli Zegnat++ ;)
#
Loqi zegnat has 27 karma in this channel (128 overall)
#
deborniol.com created /User:Deborniol.com (+307) "Created page with "<span class="h-card">[http://deborniol.com/ Mayel de Borniol]</span> == Working On == * [[Social.coop]] a coop-run corner of the fediverse, a co-operative and transparent approa..."" (view diff)
jeremycherfas joined the channel
#
jeremycherfas Is there a useful tool for looking at access logs, or it is easier to just look at the raw data and maybe grep?
davidmead joined the channel
#
deborniol.com edited /User:Deborniol.com (+91) "/* Working On */" (view diff)
#
jeremycherfas It looks to me like the $HMAC as calculated by the command is one character too long. Will try and set it by hand instead.
[kevinmarks] joined the channel
#
[kevinmarks] hm, seems as if websub would be the right thing to hook up a webmention sender to, but that would need websub for githup pages
#
jeremycherfas Still get a 403 forbidden.
#
jeremycherfas Very frustrating.
#
sebsel what are you working on, jeremycherfas?
#
@kevinmarks @RussellBal @cliffordoravec @remarkbox well https://webmention.rocks/ can help you work up to that (twitter.com/_/status/899262013905543169)
#
jeremycherfas I want to try and post to Known using the API. Following the instructions here http://docs.withknown.com/en/latest/developers/plugins/api/
#
sebsel hmz, okay!
#
jeremycherfas The thing is, apart from the 403 forbidden, I get no additional information as to why that might be so.
#
sebsel Well, you wouldn't want to give an attacker too much information, right? I think it means your signature does not match what it expects.
#
jeremycherfas Right. That’s true. But the weird part is that the access.log seems to show it was successful
#
jeremycherfas 208.113.170.110 - - [20/Aug/2017:06:32:40 -0700] "POST /status/edit HTTP/1.1" 200 4116 "-" "curl/7.35.0"
#
jeremycherfas Does that 200 mean success?
#
sebsel Hm, yeah, that's success and I would expect 403 if it says 403 Forbidden to you.
#
jeremycherfas OMG! A million thanks sebsel. I might have the wrong key. Let me recalculate and try again.
#
jeremycherfas Yes! https://stream.jeremycherfas.net/2017/this-is-some-text
#
Loqi [Jeremy Cherfas] this is some text
#
sebsel yaay!
#
jeremycherfas A classic human erro; for some reason - secuyrity? - Known does not seem to allow copy from the API field, and I human copied it wrongly!
#
Zegnat Knowing how you made that post, I kinda want to send a ? reacji at it
#
Zegnat jeremycherfas++ for making manual curl requests work for him!
#
Loqi jeremycherfas has 2 karma in this channel (7 overall)
#
jeremycherfas The Chrome restlet client still fails, but I don’t care any more.
#
sebsel wasn't Postman the most loved one? Seems like it's stand-alone now: https://www.getpostman.com/
#
sebsel I use Paw, but probably less than half of it's features. Can be a freeform Micropub client too https://paw.cloud/
#
Zegnat I love the look of Paw, but for that money, I prefer cURL on my terminal :/
#
sebsel I hope I used a discount back when I brought it, now that I see it, yes. Can't remember.
snarfed joined the channel
#
Zegnat There is a 30% student discount apparently. But even then
[manton] joined the channel
#
[manton] Paw is really good. I use it to run through a bunch of tests of my Micropub endpoints, too.
#
jeremycherfas Noob question: What does it mean in the terminal when suddenly a bunch of lines are prefixed with >
#
jeremycherfas I can get out with CTRL-C but I have no idea how it happens.
#
sebsel Did you open a { or ( ? Then it waits for a ) or }.
#
sebsel is a terminalnoob too btw
[miklb] joined the channel
#
jeremycherfas Maybe I did — but not intentionally :)
#
Zegnat What sebsel says. It’s basically “continuing from previous line”, IIRC
#
sebsel Like ending the line in \ does too...
#
aaronpk good morning
#
Loqi good morning!
#
sebsel morning aaronpk :)
#
aaronpk did you get to try out the new OwnYourSwarm updates much yet?
#
sebsel I tried to import an old one, the one that was mentioned in the issue, but that didn't work yet, probably because it thought there was nothing to update
#
sebsel Will try and make a checkin with two photo's today, to test.
#
aaronpk ah well you can always click the "Reset" button which makes OYS forget the checkin completely
#
sebsel Yeah, but that will result in a new post, right?
#
aaronpk yeah
#
sebsel That doesn't really test the new features. Will keep an eye on it though!
#
aaronpk oh i know what happened with yours
#
aaronpk i had to add a column to cache the "shout" text to know whether the shout was added. but since it wasn't there before, I just skip checking for updates on any checkins created before i launched the code
#
aaronpk otherwise it would appear that every checkin with a shout just had the shout added
#
sebsel Ah!
#
sebsel What is your use case for the syndication targets? Do you use that yourself?
#
jeremycherfas My problem seems to have been some weirdness with copy and paste from NValt.
#
aaronpk sebsel: i use it in ownyourswarm, and during the Summit someone had a use case for it
#
aaronpk er
#
aaronpk i use it in ownyourgram
#
sebsel Ah okay!
#
aaronpk i figured it was easy enough to add to OYS since i had already done it in OYG
#
sebsel It's a cool feature, but I just don't know whether I want my checkins on Twitter and Facebook too :)
#
aaronpk i can also add other micropub endpoints as syndication targets on my site, so this would let me copy checkins to other micropub endpoints too
#
sebsel To Instagram would be cool, but yeah, that API.
barpthewire joined the channel
#
aaronpk just added a keyword match rule to syndicate checkins to my ham radio twitter account
#
sebsel oh, I just checked in "off the grid", because I saw that option, and now I have a checkin on my site that is probably not visible for anyone else on Swarm.
#
aaronpk sure enough!
#
sebsel https://seblog.nl/2017/08/20/2 < it says 'off the grid' in the webmentions
#
Loqi [Sebastiaan Andeweg] pointercheck-in bij Brakkenstein, Nijmegen
#
sebsel what is private post?
#
Loqi private posts refer to posts or portions of posts which are private to either the author or to a limited audience chosen or previously approved by the author https://indieweb.org/private_post
#
aaronpk hm i may need to add some more settings to my syndication options
#
seblog.nl edited /private_posts (+189) "/* Silo Examples */ add Swarm" (view diff)
#
jeremycherfas I originally started digging in to the WithKnown API in the hope that I would be able to automate new bookmrks from my RSS feed at reading.am. I think I have the basics of what to send in the POST. I had been hoping to use IFTTT to do the heavy lifting, but it doesn’t seem to be able to do what I want. Maybe Zapier will be better. But Zapier is pretty expensive.
#
Zegnat IFTTT can’t send custom POSTs?
#
aaronpk it can, it's in the "Maker" channel
#
jeremycherfas I searched for various terms — HTML, HTTP, API — and nothing seemed to pop up.
#
jeremycherfas I did see it in the Maker channel, but at first glance that seemed to be all about interacting with IoT. Can it do more, aaronpk?
#
aaronpk it just lets you make a post request to whatever URL
#
aaronpk i use it to convert the withings scale readings into micropub requests
#
jeremycherfas Cool. I’ll take another look and pay more attention.
#
Zegnat What is IFTTT?
#
Loqi IFTTT (IF This Then That) is a service for connecting apps and services with automation https://indieweb.org/IFTTT
#
aaronparecki.com edited /IFTTT (+212) "/* IndieWeb Examples */" (view diff)
#
Zegnat This is interesting, and I wonder if I should implement this all around… https://github.com/IncludeSecurity/safeurl-php
#
Loqi [IncludeSecurity] safeurl-php: PHP Implementation of SafeURL
#
Zegnat Anyone have any thoughts?
#
jeremycherfas Sorry to be a dunce aaronpk but I cannot see anywhere in there to add authentication
#
aaronpk jeremycherfas: ohhh yeah that's the big flaw wth the maker channel, they don't let you add headers! I send the access token in the post body for that
#
sebsel (lol, ifttt has both iftt.com, ifttt.com and iftttt.com)
#
sebsel Yeah, but jeremycherfas is using the Known API, not Micropub.
#
Zegnat And, on exploits in URL parsers, which shows libraries like the above might be needed: https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
#
Zegnat Wonder if people with services that require fetching untrusted URLs take any steps against this?
#
Zegnat (Sorry to throw this in between your questions jeremycherfas, but else I am going to forget the links.)
#
sebsel In Micropub, you can set access_token=xxx as one of your body fields.
#
jeremycherfas Not a problem zegnat.
#
jeremycherfas I’m lost again. Could I use RSS to trigger micropub?
#
sebsel Yes.
#
jeremycherfas Directly, or via something like IFTTT or Zapier?
#
sebsel Micropub isn't that much different from the Known API, so what you know now still applies :)
#
jeremycherfas Heh. Ya think.
#
sebsel No, you can use IFTTT to make a Micropub request
#
sebsel So RSS > IFTTT > Micropub = new post
#
jeremycherfas So request to the micropub endpoint in my install of Known. Wouldn’t I still have the problem of authentication?
#
sebsel So you have the endpoint here: http://stream.jeremycherfas.net/micropub/endpoint
#
sebsel You send a POST request, containing `content=Test&access_token=xxx` to that URL.
#
jeremycherfas And I know how to access that with curl
#
sebsel The only thing is that you need to obtain an access token
#
jeremycherfas But where to I get the access token?
#
sebsel Yeah, indeed, that part is the same.
#
sebsel what is obtaining an access token?
#
Loqi https://indieweb.org/obtaining-an-access-token
#
sebsel :P
#
jeremycherfas Oh boy!
#
sebsel You can also steal one from Quill.
#
Zegnat Didn’t you already extract an access token for curl on the command line?
#
jeremycherfas I don’t think so. I had to create HMAC from the URL and my API
#
sebsel That was the Known API, and I don't know if that is compatible with Micropub. But worth a try.
#
Zegnat Aaah, sorry, I though Known API === Micropub
#
Zegnat I will shut up until asked for assistance
#
sebsel No, different params, different headers.
#
sebsel It uses X-KNOWN-USERNAME and X-KNOWN-SIGNATURE... :/
#
jeremycherfas Sebsel If I look at the indiepub accounts in KNown, I can see only the first 5 characters of the Token.
#
jeremycherfas What https://indieweb.org/obtaining-an-access-token says to me is that this is way more complicated than you can manage. But I also know that I can at least try.
#
aaronpk try just logging in to quill and it will show you the access token
#
sebsel That's why I say: steal the one from Quill.
#
jeremycherfas In which case, probably best to change from x-www-form-urlencoded to json in the POST
#
sebsel ? I don't think that's related?
[kevinmarks] joined the channel
#
[kevinmarks] What is Ownyourswarm?
#
Loqi OwnYourSwarm is a service which sends your Swarm checkins to your own website via Micropub https://indieweb.org/OwnYourSwarm
#
[kevinmarks] Hm. It still 403s for me on known
#
jeremycherfas Time to give up again for the day. Now having the strangest problems cutting and pasting from Textedit to Terminal. No idea what’s hgoing on.
cweiske joined the channel
#
cweiske.de edited /static-site (+19) "/* stapibas */" (view diff)
#
cweiske.de edited /stapibas (+18) "/* Features */" (view diff)
#
loqi.me created /easter_egg (+101) "prompted by Zegnat and dfn added by Zegnat" (view diff)
tantek and [kevinmarks] joined the channel
#
sebsel !tell jeremycherfas I have his helper for obtaining an access token for you now :) https://gimme-a-token.5eb.nl/
#
Loqi Ok, I'll tell them that when I see them next
#
sebsel It's a HTML page, so I can also just put it on Github, I guess.
#
aaronpk whoa
#
sebsel Tried to do it with an AJAX request in the last step, but that was not allowed cross domain :P
#
aaronpk ah yeah
#
sebsel So just having the browser make the POST is the way to go
#
sebsel I didn't want to go server-side.
#
aaronpk it does seem like i should build a tool into the new indieauth.com for this
#
sebsel It is a frequently asked question!
#
aaronpk or maybe just a p3k.io utility
#
aaronpk make it look less official
#
sebsel Homebrew Access Token.
#
aaronpk lol
#
sebsel adds that as a title
snarfed joined the channel
#
snarfed sebsel: try https://anyorigin.com/ and friends for CORS?
#
sebsel but then people's access tokens go through their servers? I can go server side myself, I just wanted to have it all in the browser.
#
sebsel It's already for people like jeremycherfas, who is not a dev, but still interested enough to learn about API's :)
#
sebsel (I really don't know when someone becomes "dev", maybe jeremy is already)
davidmead joined the channel
#
Zegnat Interesting, I wonder why gimme-a-token didn’t work with my selfauth endpoint. Hmm
[kevinmarks], [miklb] and KartikPrabhu joined the channel
#
sebsel Zegnat do you have a token endpoint? Need that to get a token :)
#
Zegnat I was just entering token.indieauth, that should work for everyone, right?
#
sebsel https://tokens.indieauth.com/token, but yes, that should work.
#
sebsel Zegnat: works for me!
#
Zegnat Hrrmm
#
Zegnat Will test more tomorrow
#
sebsel but it seems like the URLdecoding in the code-field is not great
#
sebsel selfauth has the scopes separated by spaces, but it keeps the +
snarfed and [kevinmarks] joined the channel
#
Zegnat Aah, interesting sebsel. Maybe we should base64 encode the code on selfauth’s side to make sure things do not get confused?
#
sebsel I think that's a good idea. It feels weird just seeing the scopes there, like you can edit them. Making it base64 ensures it is seen as one code too.
barpthewire, KartikPrabhu and [kevinmarks] joined the channel
#
sknebel Zegnat: just saw you linked to that blackhat "A new era of SSRF" presentation. have been looking into it a bit, but "rewrite my WM handling in a more paranoid way" is still on the todo list (I have code to stop access to localhost at least, but I don't trust it 100%)
[tantek] joined the channel
#
sknebel (and I guess indieauth endpoints, websub etc need similar steps)
#
gregorlove.com edited /accessibility (+174) "/* Physical Environments */ Ellen Murray's Twitter thread" (view diff)
snarfed joined the channel