#dev 2017-08-31

2017-08-31 UTC
jjuran_, snarfed1, snarfed, KartikPrabhu and jjuran joined the channel
#
tantek
Next time someone says something is "easy" about configuring a web server, please send them this: http://bgr.com/2017/08/30/spambot-leak-addresses-passwords-security/
#
tantek
"The leak is being called one of the largest of all time, and it was discovered thanks to a poorly configured web server which was hosting the files in a way that allowed it to be accessed by just about anyone."
snarfed and [miklb] joined the channel
#
[miklb]
I can say it’s easy to secure your home, and someone who doesn’t have a good lock on their front door doesn’t mean I’m wrong.
#
KartikPrabhu
[miklb]: it is great that you know the details of locks to decide which one is "good" but to someone who doesn't know those things it is not easy
#
aaronpk
There is no absolute scale of "easiness"
#
[miklb]
oh, I didn’t know a thing about locks until I bought a home. But then it was important to figure out.
#
[miklb]
on the other hand I pay a professional to work on my car.
#
aaronpk
1) it's not always important (there are plenty of examples of people who don't lock their front door) and 2) the lock required is heavily dependent on the threat model you're protecting against which depends on the specific location of the house and other factors
#
[miklb]
sure, the context of securing is what I why I used a lock as an example.
#
[miklb]
mumbles about typos
#
KartikPrabhu
[miklb]: yes, but as aaronpk said "easiness" is relative to your own knowlegde and experience
#
[miklb]
I do not disagree with that either. And yes, degree of threat model is relative, but the context was “hosting the files in a way that allowed it to be accessed by just about anyone”
#
[miklb]
that sounds like having no front door or lock.
#
[miklb]
I contend there is a dearth of information and tutorials to allow anyone interested in setting up a server to at least have a decent strength door and a good lock on it. And backdoor for that matter.
#
KartikPrabhu
yup, that is the issue^
#
KartikPrabhu
also people without this knowledge don't have many tools to verify security either
#
[miklb]
we are still talking about a web server, right?
KartikPrabhu, jjuran, tantek, loicm, cweiske, EmreSokullu, barpthewire, [kevinmarks], j12t and [pfefferle] joined the channel
#
loqi.me
edited /license (+22) "sebsel added "/2017/Nuremberg/law" to "See Also""
(view diff)
EmreSokullu joined the channel
#
seblog.nl
edited /license (+305) "added "Why and when" to brainstorming"
(view diff)
#
seblog.nl
edited /license (+78) "/* Why and when */ add comments and likes"
(view diff)
EmreSokullu, loicm, [kevinmarks], jeremycherfas, EmreSoku_, [pfefferle], singpolyma, snarfed and eli_oat joined the channel
#
snarfed
annoyance of the day: webfinger is HTTPS-only, which makes localhost testing difficult :( file:///Users/ryan/docs/rfc_7033_-_webfinger.html#section-4
#
cweiske
your URL is file-based, which makes opening it remotely difficult
#
KartikPrabhu
!tell snarfed: quite a few new web-techs are https only for instance service workers
#
Loqi
Ok, I'll tell them that when I see them next
#
aaronpk
i finally have a pretty solid setup for local development with https without needing to create a certificate for each site. i should really blog about it
#
cweiske
I'm still looking for a way to get letsencrypt to hand out a localhost certificate to me
EmreSokullu joined the channel
#
cweiske
[ ] ngrok is useful when developing locally without an internet connection
#
singpolyma
Oh, I missed the "without an internet connection" part, sorry
#
cweiske
I wouldn't want a https certificate for "localhost" otherwise
#
aaronpk
I don't think any cerificate authority will issue a localhost cert, that kind of doesn't make sense
#
singpolyma
can always make your own CA and sign your own certs :)
#
aaronpk
but you could use a real domain to issue the cert then set it to 127.0.0.1 in your hoss file
#
cweiske
and then I have to import that root cert in every device. no thanks
#
singpolyma
aaronpk: right, like that :)
#
singpolyma
cweiske: how many dev devices do you have?
#
aaronpk
i made myself a cert with a bunch of SANs, *.com.dev *.org.dev *.net.dev etc, so now I just add .dev to the end of my domains to get to the local copy
#
cweiske
that's not important
jeremycherfas and [keithjgrant] joined the channel
#
[keithjgrant]
cweiske - the issues you posted for Omnibear... are those in Chrome or in Chromium browser?
#
cweiske
chromium
#
cweiske
sorry, haven't had the time to debug further
#
[keithjgrant]
interesting. I encountered similar errors, both authenticating and posting, in Firefox
#
[keithjgrant]
I've got those fixed, so once I iron out the next release in the next day or two, it might be worth seeing if that fixes Chromium as well
#
[keithjgrant]
mostly had to do with permissions settings in the extension
snarfed and KartikPrabhu joined the channel
#
@phpugl
Gleich ist wieder Zeit für die #php #usergroup #Leipzig. Heute geht's u.a. um #webmention und #micropub. 20:30 im @localhostLE
(twitter.com/_/status/903301162786541569)
EmreSoku_, j12t, snarfed and [cleverdevil] joined the channel
#
[cleverdevil]
So, I am doing a fun project, if anyone wants to join in and help.
#
[cleverdevil]
I found a copy of the 1946 original Trader Vic's Book of Food and Drink in PDF format, and its one of the most fun and gorgeous campy cocktail party books ever written.
#
[cleverdevil]
I'm extracting all of the text from it, and producing a properly marked up HTML copy of it, with microformats for things like recipes.
#
[cleverdevil]
My goal is to then make it super pretty, as well, with a tribute to the original.
EmreSoku_ and EmreSokullu joined the channel
#
snarfed
[cleverdevil]++ cool!!!
#
Loqi
cleverdevil has 5 karma in this channel (51 overall)
#
Loqi
snarfed: KartikPrabhu left you a message 2 hours, 26 minutes ago: quite a few new web-techs are https only for instance service workers
#
snarfed
(great overall, but sad that they don't special case local hostnames)
#
[cleverdevil]
My biggest question is copyright.
snarfed joined the channel
#
@wpmudev
What the New Webmention and Annotation W3C Standards Mean for WordPress https://premium.wpmudev.org/blog/?p=166420 #wpmudev
(twitter.com/_/status/903332819350499328)
#
@muc_webdesigner
What the New Webmention and Annotation W3C Standards Mean for WordPress https://premium.wpmudev.org/blog/?p=166420 #wpmudev
(twitter.com/_/status/903334615733202944)
#
@wpsheeteditor
wpmudev: What the New Webmention and Annotation W3C Standards Mean for WordPress https://premium.wpmudev.org/blog/?p=166420 #wpmudev
(twitter.com/_/status/903335288306634752)
[manton] joined the channel
#
[manton]
cleverdevil Just did a little research on this because I was curious. Sounds like if the 1946 book's copyright had been renewed after the initial 28 years, it would be automatically extended and still under copyright today. But if it hadn't been renewed, it should be in the public domain now. (In theory you can search the copyright office, but not seeing how without contacting them.)
#
[cleverdevil]
I'm pretty sure its under copyright still, which sort of sucks.
#
[cleverdevil]
But, hey, maybe I'll just do it for personal use ?
EmreSokullu joined the channel
#
snarfed
forgiveness not permission
#
snarfed
probably worst case they send you a takedown and you...take it down :P
#
[manton]
It seems extremely unlikely that anyone who worked on that book is still alive and/or cares. Is the publisher still in business?
#
[manton]
(Disclaimer: I'm not a lawyer, etc.)
KartikPrabhu joined the channel
#
[cleverdevil]
Indeed, I am guessing its likely pretty safe, especially if its a loving tribute ?
#
[cleverdevil]
(Oh, and also I don't plan on trying to profit off it in any way...)
[miklb] joined the channel
#
[miklb]
doesn’t seem to be still in print either.
#
[cleverdevil]
A little preview of what I've got so far - http://share.cleverdevil.io/S8jT0BVaNT.png
EmreSokullu joined the channel
#
[manton]
Unfortunately looks like they did print other editions of the book as late as 1982, so it's probably still technically under copyright. Bummer.
#
snarfed
lol "some people like bourbon or scotch with plain water"
#
snarfed
heathens!
#
[manton]
(But I'm speculating, so I'll step away now... Looks cool, though!)
#
snarfed
(i'm one :P)
[kevinmarks] joined the channel
#
[kevinmarks]
Unmung.com has a nice recipe previewer
#
[kevinmarks]
Instagram api is changing
#
snarfed
"The new API is now available to all developers." !!!
#
snarfed
now to see what it actually has
#
aaronpk
Without manual approval?
#
Loqi
[Aaron Parecki] Fire-Roasted Instant Pot Enchilada Sauce
#
[miklb]
“Build tools for businesses to help them manage their presence on Instagram” ?
#
[kevinmarks]
That was for cleverdevil
#
[cleverdevil]
YAY MORE ENGAGING WITH MY FAVORITE BRANDS
#
[manton]
On first glance, still not seeing a way to upload photos to Instagram. Sigh.
#
[cleverdevil]
Thanks for that kevinmarks
#
snarfed
continues to scrape (and get rate limited) like a farmer
#
[miklb]
for a brief gleaming moment, I thought I might be using Instagram again.
snarfed joined the channel
EmreSokullu and loicm joined the channel
#
Loqi
[micropub.rocks] Like #115 micropub.rocks likes https://aaronparecki.com/2017/08/31/6/.
#
@megarush1024
@DerekRiemer Now we just need to get your WordPress set up with webmention support and connected to Bridgy so replies from social come in.
(twitter.com/_/status/903347894773800960)
tbbrown, sebsel and [kevinmarks] joined the channel
#
[kevinmarks]
You could use a ½ character
[cleverdevil] joined the channel
#
[cleverdevil]
kevinmarks yeah, but I have a bunch of vim macros that are doing the dirty work for me, and they're automatically converting 1/2 to that markup.
#
[cleverdevil]
Plus, there are fractions in the book that don't have associated characters.
snarfed and KartikPrabhu joined the channel