#dev 2018-02-13

2018-02-13 UTC
snarfed and [kevinmarks] joined the channel
gRegorLove_, snarfed, snarfed1, workingwriter, renem, [workingwriter], [miklb], [tantek] and tantek joined the channel
#
tantek
[kevinmarks] "Here, let’s make a user table in Postgres" lol. Here, let's start with a plumbing-centric thought-exercise. How about we don't?
#
tantek
and I see zero mention of any research about how do any existing sites deal with usernames.
#
tantek
so yes, if you ignore prior art, x is harder than it should be
strugee, tantek, [xavierroy] and [snarfed] joined the channel
#
[snarfed]
so re github oauth permissions... they have another class of apps with finer granularity... but still not quite ideal
#
[snarfed]
tldr, i may be able to offer either read only on public *and* private repos, or read/write on public only, but not read only on public only :(
#
[snarfed]
(95% sure, will confirm)
#
[snarfed]
open to thoughts
tantek joined the channel
#
[miklb]
there is an app scope just for issues. https://developer.github.com/v3/issues/
#
[miklb]
or I may be missing something, haven’t been able to keep up with conversation
#
tantek
snarfed, "public only" would consistent with Bridgy methodology so far on other silos
#
tantek
"read/write on public only" seems to make the most sense, because presumably you want to be able to "write" a new issue or comment, or edit one
#
tantek
or delete
#
tantek
(or is this for the backfeed half?)
#
tantek
goes back to coding
#
[snarfed]
yeah, backfeed
#
[snarfed]
but understood
#
[snarfed]
miklb: yup! but that scope includes private repos, at least by default :(
#
Ruxton
mm yeah I'd have a huge issue giving you visibility to my private repos
#
[snarfed]
me too :(
sebsel, barpthewire, [kevinmarks], [pfefferle], mifga, [mrkrndvs], [xavierroy] and [gerwitz] joined the channel
#
islandinthenet.com
edited /Planning (+30) "/* Online */"
(view diff)
#
islandinthenet.com
edited /Planning (-8) "/* Online */"
(view diff)
jeremycherfas and [colinwalker] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+57) "/* Khürt Williams */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (+104) "/* Khürt Williams */"
(view diff)
#
islandinthenet.com
edited /Planning (+102) "/* Online */"
(view diff)
#
islandinthenet.com
edited /Planning (-102) "/* Online */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (+100) "/* Khürt Williams */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (-160) "/* Biography */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (-177) "/* References */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (+9) "/* Khürt Williams */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (-174) "/* References */"
(view diff)
#
islandinthenet.com
edited /Planning (+162) "/* Online */"
(view diff)
#
islandinthenet.com
edited /Planning (-161) "/* Online */"
(view diff)
[kevinmarks] and AngeloGladding joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+149) "/* {{Khürt Williams}} */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (-443) "/* Khürt Williams */"
(view diff)
[pfefferle] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+200) "/* Biography */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (-33) "/* Background */"
(view diff)
#
islandinthenet.com
edited /User:Islandinthenet.com (+163) "/* Khürt Williams */"
(view diff)
[gerwitz] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (-163) "/* Background */"
(view diff)
leg, [kevinmarks], [xavierroy], eli_oat, dougbeal|mb1, [mifga], ancarda, jeremych_, j12t, KartikPrabhu, [gerwitz] and jeremycherfas joined the channel
#
jeremycherfas
It is so frustrating that PHP seems to care whether one uses single or double quotes.
#
jeremycherfas
Is there ever case for using single quotes?
[kevinmarks] joined the channel
#
[kevinmarks]
When your string includes double quotes?
#
jeremycherfas
Except that apparently the target string in a str_replace MUST be enclosed in double quotes.
#
sknebel
that sounds odd
#
jeremycherfas
All I can tell you is that it worked with double quotes and not with single quotes.
#
aaronpk
double quotes will treat $ as variables inside, single quotes will not
#
aaronpk
so '$foo' will be literally '$foo' but "$foo" will be the value of the $foo variable
#
Zegnat
I basically always use single quotes, because I do not want PHP to go over my string and try to do any resolving of variables and other things
jeremych_ joined the channel
#
Zegnat
[gerwitz], I'd be super tempted to use the markup shown here with the nested h-cite whenever republishing a "clipping": https://indieweb.org/repost#How_to_Publish
#
Zegnat
Except maybe use u-bookmark-of rather than u-repost-of, as it isn't a full repost.
#
jeremych_
Thanks aaronpk
#
jeremych_
Another noobieq: what is the significance of this line
#
jeremych_
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookiefile");
#
jeremych_
I see it in some examples, not in others, and can't seem to figure out whether I need it or not.
#
Zegnat
Any cookies will be read and written from and to that file. So you can have the same session going over multiple curl calls.
#
Zegnat
E.g. if your first call logs in to a site, you can store the cookies the site gives back, and then send those cookies on your next request to stay in the logged in session.
#
Zegnat
Might be important if crawling a website or automating tasks. For most APIs you wouldn't need it as those do not tend to set cookies.
#
jeremych_
So then, I guess I do not need it if simply looping through my feed and sending a few curls to my site?
#
Zegnat
Nope.
#
jeremych_
In that case, here goes ...
#
Zegnat
It won't do any harm (if your site doesn't set cookies, nothing gets written anyway)
#
Zegnat
But not necessary either
#
jeremych_
Zegnat -> https://stream.jeremycherfas.net/content/bookmarkedpages/ most recent two entries automated!
#
jeremych_
Not getting the icon I hoped for, but that's minor.
#
jeremych_
Because, I believe, Known strips extraneous HTML from Titles.
#
jeremych_
Oh, and they're coming in the wrong order, but that doesn't matter either as I will only be running this once a day, if that.
tantek joined the channel
#
jeremych_
Thanks, and thanks also for all your help along the way.
#
Zegnat
Awesome!
#
Zegnat
jeremycherfas++
#
Loqi
jeremycherfas has 6 karma in this channel (15 overall)
#
jeremych_
Hardly. But very satisfying nevertheless. I'll do a bit of work with array_reverse() and then maybe see if anyone else is interested.
#
Zegnat
Yeah, there can definitely still be places where Known is stripping HTML. Though you might be able to just fix that on the template end.
#
jeremych_
Zegnat++ sknebel++ cweiske++ for patience and assistance along the way.
#
Loqi
zegnat has 45 karma in this channel (170 overall)
#
jeremych_
Oh, c'mon loqi. You can do better than that.
#
jeremych_
sknebel++ for patience and assistance along the way.
#
Loqi
sknebel has 29 karma in this channel (85 overall)
#
jeremych_
cweiske++ for patience and assistance along the way.
#
Loqi
cweiske has 26 karma in this channel (127 overall)
jeremycherfas joined the channel
#
grantcodes
Sweet, don't know what changed but together is working again for me. Must've been a change to aperture :)
KartikPrabhu, snarfed and [cleverdevil] joined the channel
#
[cleverdevil]
Together isn't working for me since your latest change.
#
[cleverdevil]
Funny, I was just about to ping you [grantcodes]
#
[cleverdevil]
(Looks like potentially a file or change didn't get checked in from your environment? Or maybe its a Safari issue?)
#
[cleverdevil]
I can't even login anymore.
KartikPrabhu and barpthewire joined the channel
#
martymcgui.re
edited /Planning (+38) "/* NYC */ can help + interested"
(view diff)
jackjamieson and [miklb] joined the channel
#
[miklb]
good morning
#
tantek
good morning [miklb]
#
[miklb]
howdy tantek
#
[miklb]
[eddie] I discovered ImageOptim has an API and am currently testing it out
[eddie] joined the channel
#
[eddie]
[miklb] oh cool!
#
tantek
what is ImageOptim
#
Loqi
It looks like we don't have a page for "ImageOptim" yet. Would you like to create it? (Or just say "ImageOptim is ____", a sentence describing the term)
#
tantek.com
edited /Planning (-88) "/* NYC */ in touch with Emma re: Dalberg"
(view diff)
#
[miklb]
works great, just not sure if best value if I’m going to pay for it. Imgix might be a better value
#
[miklb]
ImageOptim is a Mac app and web service for image optimization for publishing on the web. https://imageoptim.com
#
loqi.me
created /ImageOptim (+140) "prompted by tantek and dfn added by [miklb]"
(view diff)
#
kaja.sknebel.net
edited /ImageOptim (+1) "linkify ('x is y. <url>.' pattern)"
(view diff)
#
tantek
what is Imgix
#
Loqi
It looks like we don't have a page for "Imgix" yet. Would you like to create it? (Or just say "Imgix is ____", a sentence describing the term)
#
sknebel
Imgix is https://www.imgix.com/, a image processing service and image CDN.
#
loqi.me
created /Imgix (+101) "prompted by tantek and dfn added by sknebel"
(view diff)
#
kaja.sknebel.net
edited /Imgix (+1) "linkify ('… is <url>' pattern)"
(view diff)
snarfed and KartikPrabhu joined the channel
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[cleverdevil] #23 Cannot log in:
#
grantcodes
Yeah sorry, was a quick hack to get it working online after a server migration
#
grantcodes
if you run yarn build
#
grantcodes
then `node server` it should run on port 10008 instead
#
grantcodes
Can try the hosted version too
#
grantcodes
May need to log out and back in to update your access token with the new scopes too
KartikPrabhu joined the channel
#
grantcodes
Sweet, I'll need to update the local setup at some point so it's just the single command again.
#
[cleverdevil]
Now I get "{"error":"unauthorized","error_description":"The access token provided does not have the necessary scope for this action"}"
#
[cleverdevil]
I was able to complete the login process.
#
[cleverdevil]
But, it doesn't actually seem to work.
#
grantcodes
Did you log out and in again?
#
grantcodes
I was getting that error as well. But now it works without changing anything
#
[cleverdevil]
Yes I did.
#
grantcodes
Maybe my logout function doesn't fully clean the localstorage
#
snarfed
instagram finally pulled the trigger and announced they're killing off their old API entirely, in favor of the new graph api. https://developers.facebook.com/blog/post/2018/01/30/instagram-graph-api-updates/
#
[cleverdevil]
Same on the hosted version.
#
snarfed
no real surprises in the post except for this vague nugget: "Support for Non-Business Profiles [FUTURE]: Basic permissioning for non-business profiles will be supported in early 2019."
#
[cleverdevil]
I'll clear out the local storage.
#
snarfed
aaronpk: OYG is all scraping now, right?
#
aaronpk
"scraping" yeah
#
aaronpk
pulling the JSON from the page
#
[cleverdevil]
Nope, still failing.
#
snarfed
if it's not an API, it's scraping 😂😭
#
aaronpk
and there's that secret ?__a query string that returns json
#
[eddie]
cleverdevil it might be known
#
[cleverdevil]
(Likely is)
#
[eddie]
When I was testing your site with Indigenous I did notice it wasn’t giving me back the microsub scopes
#
[eddie]
But I thought it might have just been my login
#
[cleverdevil]
Yeah, I am guessing it almost certainly *is* Known.
#
grantcodes
Well I'm not sure how aperture handles the login scopes
#
[eddie]
Aperture didn’t bother with the scopes until a recent update a couple days ago
#
grantcodes
I'm not convinced it's known as I had that same bug, then it just started working
#
[eddie]
It returns a 40X error if the right scope isn’t found
#
grantcodes
Maybe aperture caches something it shouldn't
#
aaronpk
it caches access tokens for 5 minutes but known is probably returning a new access token on each login
#
aaronpk
it does rely on Known issuing a token with the expected scopes
#
aaronpk
s/known/the token endpoint
#
grantcodes
Well let's wait 5m and see if it works 😄
eli_oat joined the channel
#
[cleverdevil]
Looks to me like Known may not support scopes properly at all.
#
[cleverdevil]
But, who knows
KartikPrabhu joined the channel
#
aaronpk
that seems likely. maybe I can add an account setting to have Aperture disable scope checking
#
[cleverdevil]
So, looking into my database at all of the tokens, every single one just shows "post."
#
[cleverdevil]
As the full scope.
#
[cleverdevil]
Even though it clearly requests all of the right scopes (displays them upon authorize).
#
grantcodes
Ah yeah that seems like an issue. I guess my issue was just that 5m cache and yours is scopes not being returned properly
#
[cleverdevil]
Yup. I'll dig in more and see if I can fix it in Known later.
#
aaronpk
if it's storing the scopes in the database then you might be able to just change that record
#
[cleverdevil]
Yeah, it is, but I'd like to actually fix it too 🙂
#
[cleverdevil]
I think I fixed it.
#
[cleverdevil]
I'll create a PR later.
#
grantcodes
Actually speaking of this, I have a security question: My token endpoint actually just encrypts the scopes inside the access token and then decrypts the token to get the scopes again. Can anyone think of any issues with that?
#
snarfed
iirc aaronpk has written about stateless tokens like this? (couldn't find it with a few searches)
#
aaronpk
the main drawback with that kind of token is that you can't expire them without adding back state tracking
#
grantcodes
Cool thanks :) I think that's fine for me. I don't use many at one time so if I ever have a security issue I can block a client_id or just expire all tokens
#
snarfed
ok, confirmed re github permission granularity:
#
snarfed
* "oauth apps" can request read/write access to just public repos.
#
snarfed
* "github apps" can request read only vs read/write, to all repos or ones the user selects, but no way to default to public only.
#
snarfed
and the dealbreaker for github apps is, they can't access repos that a user (or org) doesn't own, or notifications, so they're not really usable for backfeed.
#
snarfed
so my tentative plan is for bridgy backfeed to request notifications and public_repo (read/write) permissions
#
snarfed
my one reservation is that notifications includes issue and PR titles (only) from private repos, which the auth prompt doesn't mention :/
#
snarfed
oh well
#
snarfed.org
edited /GitHub (+110) "/* POSSE to GitHub */ star"
(view diff)
eli_oat joined the channel
#
@josephfcox
Vulnerability in Telegram let attackers send malicious files while masking their real extension. Used to deploy cryptocurrency miners, more https://securelist.com/zero-day-vulnerability-in-telegram/83800/ https://pbs.twimg.com/media/DV6ZLp_WsAA1NnK.jpg
(twtr.io/1aagSwNadam)
#
gRegorLove
What is Telegram?
#
Loqi
Telegram is a cross-platform encrypted messaging app https://indieweb.org/Telegram
tantek, KartikPrabhu, eli_oat, AngeloGladding, tantek_, snarfed and chrisaldrich joined the channel
#
loqi.me
created /Memberful (+155) "prompted by chrisaldrich and dfn added by chrisaldrich"
(view diff)
#
kaja.sknebel.net
edited /Memberful (+1) "linkify ('… is <url>' pattern)"
(view diff)
snarfed and [eddie] joined the channel
#
[eddie]
Anyone that is familiar with h-feed parsing might want to ping Brent Simmons on micro.blog, he is trying to figure out what to do when there are two h-feeds on a page: https://micro.inessential.com/2018/02/13/say-youre-writing.html
#
KartikPrabhu
I am sure snarfed knows about this from bridgy work
#
snarfed
eh not really. bridgy only cares about items, not feeds themselves
#
snarfed
short answer seems like, if they have ids, use fragment with id
#
KartikPrabhu
snarfed: interesting