#dev 2017-09-18

2017-09-18 UTC
eli_oat, snarfed, KartikPrabhu, renem, [miklb] and tantek joined the channel
#
tantek
I think it will help to figure out how to use external services to handle webmentions, e.g. for static sites
#
tantek
GWG, so that is one of the big reasons I want to tackle these challenges in that context
#
GWG
I have some things on my list.
#
tantek
GWG, if you're curious I've been brainstorming a lot about what to do about responses to my posts, and the things I'm worried about here: https://indieweb.org/Falcon#Working_On
leg, snarfed, tantek and KartikPrabhu joined the channel
#
tantek
good evening #indieweb-dev
#
tantek.com
edited /webactions (+130) "/* Wrap multiple silo post actions */ add google+ simple link based share/post fallback"
[xavierroy], loicm, clintpatty, jeremycherfas, [kevinmarks] and snarfed joined the channel
#
@sl007
@m_ott @mozilla @lyssaslounge We love it. I'd use it. Webmention support 'd be awesome. But fearing another Mozilla opt. out. now. In 1 year or 5 years or ?
(twitter.com/_/status/909721921406808064)
snarfed, AlanPearce[m], myfreeweb and eli_oat[m] joined the channel
#
@sl007
@m_ott @stefanjudis If you'd use it would you "bridge" webmentions? Btw: Working out sponsored indieweb hackathon http://bit.ly/2xb9qit prior FOSDEM Brussels.
(twitter.com/_/status/909734448475885568)
#
@m_ott
@sl007 @stefanjudis That way, visitors can clearly distinguish between comments and mentions and e.g. get a better idea of what Webmentions are.
(twitter.com/_/status/909736379235565568)
KartikPrabhu, clintpatty, davidmead, [pfefferle], jeremycherfas, eli_oat, singpolyma, jjuran, snarfed, [kevinmarks] and tantek joined the channel
#
tantek
!tell sl007 re: https://twitter.com/sl007/status/909734448475885568 perhaps consider filing an issue asking for Webmention support, and citing the W3C Recommendation, implementation reports, test suite etc. https://github.com/coralproject/talk/issues
#
Loqi
Ok, I'll tell them that when I see them next
#
KartikPrabhu
likes how the "bridge" in Bridgy is a verb now!
#
tantek
bridge was a verb before Bridgy
#
KartikPrabhu
i meant in this context "bridging responses"
#
tantek
it's not really in the Bridgy sense though - as that implies the contexts of 1) with a silo, and 2) without one side doing work. whereas the goal with any open source commenting / posting project should be to get Webmention support built-in
#
tantek
!tell aaronpk I wonder if it would be helpful to create a short "WebComments" NOTE that basically normatively specifies how to use Webmention + h-entry for comments, building on the existing guidance in Webmention. This tweet made me think it would be useful to have a clarifying spec for that: https://twitter.com/m_ott/status/909736379235565568
#
Loqi
Ok, I'll tell them that when I see them next
#
tantek
(i.e. webmentions are not just for "mentions")
#
tantek
and then maybe another NOTE for WebLike or WebResponse to be more general that references WebComment
snarfed, [kevinmarks], KartikPrabhu, [keithjgrant], tantek and loicm joined the channel
#
tantek
apologies for the partial article, but this seemed important enough to share and ask what other folks are seeing on their personal sites / web servers: https://www.networkworld.com/article/3166934/security/study-1-in-3-website-visitors-is-an-attack-bot.html
#
Loqi
CSO staff
#
tantek
what is a bot
#
Loqi
robots are automated scripts that crawl, search or perform multiple requests for information https://indieweb.org/bot
tantek and [miklb] joined the channel
#
[miklb]
If you have ever used a one-click install @ Digital Ocean for mysql, check your email
[cleverdevil] joined the channel
#
[cleverdevil]
That... doesn't sound good.
#
aaronpk
uhoh what?
#
Loqi
aaronpk: tantek left you a message 3 hours, 53 minutes ago: I wonder if it would be helpful to create a short "WebComments" NOTE that basically normatively specifies how to use Webmention + h-entry for comments, building on the existing guidance in Webmention. This tweet made me think it would be useful to have a clarifying spec for that: https://twitter.com/m_ott/status/909736379235565568
#
aaronpk
good idea tantek
#
[miklb]
From what I can tell, they were using a default password for all installs. Know one, know them all.
#
[miklb]
“We have changed our 1-Clicks to ensure that all future Droplets will have unique, auto-generated passwords for this user.”
#
tantek
So what you're saying is, you found a problem with using MySQL on the web
#
tantek
what is one-click install
#
Loqi
One-click-install is a goal of indieweb projects to make getting started on the indieweb as easy as possible https://indieweb.org/one-click-install
#
[miklb]
I didn’t find anything. I’m just passing along info in an email I got
#
tantek
what is a Droplet
#
Loqi
Droplet is the cute name DigitalOcean uses for its virtual private server instances https://indieweb.org/Droplet
#
aaronpk
are the mysql databases on DO exposed to the web? i always firewall mine to the specific machines that need access...
#
[cleverdevil]
I doubt it.
#
[cleverdevil]
At least, I sure hope they're smarter than that.
#
[miklb]
includes one-click WP, LAMP, LEMP, & owncloud installs.
#
KartikPrabhu
Gmail now automatically marks emails as "important" because "important according to our magic sauce"
#
[miklb]
“A long-standing vulnerability” lol
#
petermolnar
on debian, the mysql install creates a debian maintenance user which is localhost-only but has a plain text password in /etc/mysql/debian.cnf (?)
#
petermolnar
I'm guessing this is something similar
#
petermolnar
but debian does this with a random pass
#
bear
the issue for DO is that it used the exact same password for months for mysql, wordpress, etc -- anything that they had a 1-click install image of
#
[cleverdevil]
Shit happens. That's no bueno though.
#
tantek
what is debian
#
Loqi
It looks like we don't have a page for "debian" yet. Would you like to create it?
#
tantek
what is DO
#
Loqi
It looks like we don't have a page for "DO" yet. Would you like to create it?
#
tantek
what is DigitalOcean
#
Loqi
DigitalOcean is a virtual private server provider targeted towards developers and offers low cost cloud servers in data centers across the world https://indieweb.org/DigitalOcean
#
loqi.me
created /DO (+25) "prompted by tantek and dfn added by tantek"
#
petermolnar
are they retroactively changing it?
#
@cswordpress
@mrkrndvs The site you're replying to must also support receiving webmentions.
(twitter.com/_/status/909903367706640384)
#
[miklb]
they have a script you can run to check and update credentials if using the default password.
#
bear
not retro, just updating their generation code going forward and letting users update any that are active
#
Loqi
[digitalocean] debian-sys-maint-roll-passwd: Script to update password for MySQL user "debian-sys-maint"
#
KartikPrabhu
this probably is database-tax?
#
tantek
in a way yes, as part of a larger security surface from running another server and more software
#
[cleverdevil]
This is one of the dangers of golden images and unmanaged servers with pre-installed / configured software.
#
tantek
what is a golden image
#
Loqi
It looks like we don't have a page for "golden image" yet. Would you like to create it?
#
[cleverdevil]
I need to distribute some more "have you considered a DreamHost managed VPS?" tracts ?
#
tantek
what is an unmanaged server?
#
Loqi
It looks like we don't have a page for "unmanaged server" yet. Would you like to create it?
#
[cleverdevil]
A golden image is a disk image used to create a virtual machine or virtual private server. Golden images contain the operating system, often Linux, with pre-installed and configured software and services. Many service providers use golden images as a way to provide "one-click installers" for their customers.
#
loqi.me
created /golden_image (+334) "prompted by tantek and dfn added by [cleverdevil]"
#
[cleverdevil]
An unmanaged server is a server, virtual or physical, that once created by a service provider is left alone, leaving all management -- including software installs, upgrades, configuration, and maintenance -- to the end user.
#
loqi.me
created /unmanaged_server (+248) "prompted by tantek and dfn added by [cleverdevil]"
#
tantek
what is a virtual machine
#
Loqi
It looks like we don't have a page for "virtual machine" yet. Would you like to create it?
#
tantek
what is a virtual private server
#
Loqi
A Virtual Private Server (AKA VPS) is a level of webhosting service where you get root access to a virtual system and can install whatever you want https://indieweb.org/virtual_private_server
#
tantek
what is Linux
#
Loqi
It looks like we don't have a page for "Linux" yet. Would you like to create it?
#
petermolnar
I hope docker people will never hear about the problems with golden images, they'd be rather disappointed
#
bear
anyone who uses docker's "FROM" keyword has the same issues with golden images
#
bear
you are pulling down a large mass of tech debt you have to hope they have managed to install correctly
#
tantek
I feel like any time you choose to manually "install" something, you are signing up for indefinite maintenance task of that same thing, the (time) cost of which is likely MUCH higher (orders of magnitude) than the initial install time cost.
#
tantek
s/task/tax
#
tantek
What is AMP
#
Loqi
Accelerated Mobile Pages (AMP) is a Google-led project that speeds up a subset of HTML through caching and dependencies on google: https://indieweb.org/AMP
#
tantek
going to capture some articles before asking questions
#
tantek
AMP << 2017-08-31 Ethan Marcotte: [https://ethanmarcotte.com/wrote/ampersand/ AMPersand]
#
Loqi
ok, I added "2017-08-31 Ethan Marcotte: [https://ethanmarcotte.com/wrote/ampersand/ AMPersand]" to the "See Also" section of /Accelerated_Mobile_Pages
#
loqi.me
edited /Accelerated_Mobile_Pages (+84) "tantek added "2017-08-31 Ethan Marcotte: [https://ethanmarcotte.com/wrote/ampersand/ AMPersand]" to "See Also""
#
tantek
AMP << 2015-10-10 {{adactio}}: [https://adactio.com/journal/9646 AMPed up]
#
Loqi
ok, I added "2015-10-10 {{adactio}}: [https://adactio.com/journal/9646 AMPed up]" to the "See Also" section of /Accelerated_Mobile_Pages
#
loqi.me
edited /Accelerated_Mobile_Pages (+70) "tantek added "2015-10-10 {{adactio}}: [https://adactio.com/journal/9646 AMPed up]" to "See Also""
#
Loqi
[Jeremy Keith] AMPed up
#
tantek
AMP << 2016-04-06 [https://opensource.com/life/16/4/accelerated-mobile-pages-amp-open-or-closed Accelerated Mobile Pages (AMP): Open or closed?]
#
Loqi
ok, I added "2016-04-06 [https://opensource.com/life/16/4/accelerated-mobile-pages-amp-open-or-closed Accelerated Mobile Pages (AMP): Open or closed?]" to the "See Also" section of /Accelerated_Mobile_Pages
#
loqi.me
edited /Accelerated_Mobile_Pages (+140) "tantek added "2016-04-06 [https://opensource.com/life/16/4/accelerated-mobile-pages-amp-open-or-closed Accelerated Mobile Pages (AMP): Open or closed?]" to "See Also""
#
tantek
AMP << 2016-02-24 [https://timkadlec.com/2016/02/a-standardized-alternative-to-amp/ CPP: A Standardized Alternative to AMP] (Related: [https://news.ycombinator.com/item?id=12787462 HN comments on], WICG [http://wicg.github.io/ContentPerformancePolicy/ Content Performance Policy draft])
#
Loqi
ok, I added "2016-02-24 [https://timkadlec.com/2016/02/a-standardized-alternative-to-amp/ CPP: A Standardized Alternative to AMP] (Related: [https://news.ycombinator.com/item?id=12787462 HN comments on], WICG [http://wicg.github.io/ContentPerformancePolicy/ Content Performance Policy draft])" to the "See Also" section of /Accelerated_Mobile_Pages
#
Loqi
— February 24, 2016 —CPP: A Standardized Alternative to AMP It’s no secret that I have reservations about Googl...
EmreSokullu and eli_oat1 joined the channel