#dev 2018-02-13

2018-02-13 UTC
snarfed and [kevinmarks] joined the channel
gRegorLove_, snarfed, snarfed1, workingwriter, renem, [workingwriter], [miklb], [tantek] and tantek joined the channel
#
tantek
[kevinmarks] "Here, let’s make a user table in Postgres" lol. Here, let's start with a plumbing-centric thought-exercise. How about we don't?
#
tantek
and I see zero mention of any research about how do any existing sites deal with usernames.
#
tantek
so yes, if you ignore prior art, x is harder than it should be
strugee, tantek, [xavierroy] and [snarfed] joined the channel
#
[snarfed]
so re github oauth permissions... they have another class of apps with finer granularity... but still not quite ideal
#
[snarfed]
tldr, i may be able to offer either read only on public *and* private repos, or read/write on public only, but not read only on public only :(
#
[snarfed]
(95% sure, will confirm)
#
[snarfed]
open to thoughts
tantek joined the channel
#
[miklb]
there is an app scope just for issues. https://developer.github.com/v3/issues/
#
[miklb]
or I may be missing something, haven’t been able to keep up with conversation
#
tantek
snarfed, "public only" would be consistent with Bridgy methodology so far on other silos
#
tantek
"read/write on public only" seems to make the most sense, because presumably you want to be able to "write" a new issue or comment, or edit one
#
tantek
or delete
#
tantek
(or is this for the backfeed half?)
#
tantek
goes back to coding
#
[snarfed]
yeah, backfeed
#
[snarfed]
but understood
#
[snarfed]
miklb: yup! but that scope includes private repos, at least by default :(
#
Ruxton
mm yeah I'd have a huge issue giving you visibility to my private repos
#
[snarfed]
me too :(
sebsel, barpthewire, [kevinmarks], [pfefferle], mifga, [mrkrndvs], [xavierroy] and [gerwitz] joined the channel
#
islandinthenet.com
edited /Planning (+30) "/* Online */"
#
islandinthenet.com
edited /Planning (-8) "/* Online */"
jeremycherfas and [colinwalker] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+57) "/* Khürt Williams */"
#
islandinthenet.com
edited /User:Islandinthenet.com (+104) "/* Khürt Williams */"
#
islandinthenet.com
edited /Planning (+102) "/* Online */"
#
islandinthenet.com
edited /Planning (-102) "/* Online */"
#
islandinthenet.com
edited /User:Islandinthenet.com (+100) "/* Khürt Williams */"
#
islandinthenet.com
edited /User:Islandinthenet.com (-160) "/* Biography */"
#
islandinthenet.com
edited /User:Islandinthenet.com (-177) "/* References */"
#
islandinthenet.com
edited /User:Islandinthenet.com (+9) "/* Khürt Williams */"
#
islandinthenet.com
edited /User:Islandinthenet.com (-174) "/* References */"
#
islandinthenet.com
edited /Planning (+162) "/* Online */"
#
islandinthenet.com
edited /Planning (-161) "/* Online */"
[kevinmarks] and AngeloGladding joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+149) "/* {{Khürt Williams}} */"
#
islandinthenet.com
edited /User:Islandinthenet.com (-443) "/* Khürt Williams */"
[pfefferle] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (+200) "/* Biography */"
#
islandinthenet.com
edited /User:Islandinthenet.com (-33) "/* Background */"
#
islandinthenet.com
edited /User:Islandinthenet.com (+163) "/* Khürt Williams */"
[gerwitz] joined the channel
#
islandinthenet.com
edited /User:Islandinthenet.com (-163) "/* Background */"
leg, [kevinmarks], [xavierroy], eli_oat, dougbeal|mb1, [mifga], ancarda, jeremych_, j12t, KartikPrabhu, [gerwitz] and jeremycherfas joined the channel
#
jeremycherfas
It is so frustrating that PHP seems to care whether one uses single or double quotes.
#
jeremycherfas
Is there ever a case for using single quotes?
[kevinmarks] joined the channel
#
[kevinmarks]
When your string includes double quotes?
#
jeremycherfas
Except that apparently the target string in a str_replace MUST be enclosed in double quotes.
#
sknebel
that sounds odd
#
jeremycherfas
All I can tell you is that it worked with double quotes and not with single quotes.
#
aaronpk
double quotes will treat $ as variables inside, single quotes will not
#
aaronpk
so '$foo' will be literally '$foo' but "$foo" will be the value of the $foo variable
#
Zegnat
I basically always use single quotes, because I do not want PHP to go over my string and try to do any resolving of variables and other things
jeremych_ joined the channel
#
Zegnat
[gerwitz], I'd be super tempted to use the markup shown here with the nested h-cite whenever republishing a "clipping": https://indieweb.org/repost#How_to_Publish
#
Zegnat
Except maybe use u-bookmark-of rather than u-repost-of, as it isn't a full repost.
#
jeremych_
Thanks aaronpk
#
jeremych_
Another noobieq: what is the significance of this line
#
jeremych_
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookiefile");
#
jeremych_
I see it in some examples, not in others, and can't seem to figure out whether I need it or not.
#
Zegnat
Any cookies will be read and written from and to that file. So you can have the same session going over multiple curl calls.
#
Zegnat
E.g. if your first call logs in to a site, you can store the cookies the site gives back, and then send those cookies on your next request to stay in the logged in session.
#
Zegnat
Might be important if crawling a website or automating tasks. For most APIs you wouldn't need it as those do not tend to set cookies.
#
jeremych_
So then, I guess I do not need it if simply looping through my feed and sending a few curls to my site?
#
Zegnat
Nope.
#
jeremych_
In that case, here goes ...
#
Zegnat
It won't do any harm (if your site doesn't set cookies, nothing gets written anyway)
#
Zegnat
But not necessary either
#
jeremych_
Zegnat -> https://stream.jeremycherfas.net/content/bookmarkedpages/ most recent two entries automated!
#
jeremych_
Not getting the icon I hoped for, but that's minor.
#
jeremych_
Because, I believe, Known strips extraneous HTML from Titles.
#
jeremych_
Oh, and they're coming in the wrong order, but that doesn't matter either as I will only be running this once a day, if that.
tantek joined the channel
#
jeremych_
Thanks, and thanks also for all your help along the way.
#
Zegnat
Awesome!
#
Zegnat
jeremycherfas++
#
Loqi
jeremycherfas has 6 karma in this channel (15 overall)
#
jeremych_
Hardly. But very satisfying nevertheless. I'll do a bit of work with array_reverse() and then maybe see if anyone else is interested.
#
Zegnat
Yeah, there can definitely still be places where Known is stripping HTML. Though you might be able to just fix that on the template end.
#
jeremych_
Zegnat++ sknebel++ cweiske++ for patience and assistance along the way.
#
Loqi
zegnat has 45 karma in this channel (170 overall)
#
jeremych_
Oh, c'mon loqi. You can do better than that.
#
jeremych_
sknebel++ for patience and assistance along the way.
#
Loqi
sknebel has 29 karma in this channel (85 overall)
#
jeremych_
cweiske++ for patience and assistance along the way.
#
Loqi
cweiske has 26 karma in this channel (127 overall)
jeremycherfas joined the channel
#
grantcodes
Sweet, don't know what changed but together is working again for me. Must've been a change to aperture :)
KartikPrabhu, snarfed and [cleverdevil] joined the channel
#
[cleverdevil]
Together isn't working for me since your latest change.
#
[cleverdevil]
Funny, I was just about to ping you [grantcodes]
#
[cleverdevil]
(Looks like potentially a file or change didn't get checked in from your environment? Or maybe it's a Safari issue?)
#
[cleverdevil]
I can't even login anymore.
KartikPrabhu and barpthewire joined the channel
#
martymcgui.re
edited /Planning (+38) "/* NYC */ can help + interested"
jackjamieson and [miklb] joined the channel
#
[miklb]
good morning
#
tantek
good morning [miklb]
#
[miklb]
howdy tantek
#
[miklb]
[eddie] I discovered ImageOptim has an API and am currently testing it out
[eddie] joined the channel
#
[eddie]
[miklb] oh cool!
#
tantek
what is ImageOptim
#
Loqi
It looks like we don't have a page for "ImageOptim" yet. Would you like to create it? (Or just say "ImageOptim is ____", a sentence describing the term)
#
tantek.com
edited /Planning (-88) "/* NYC */ in touch with Emma re: Dalberg"
#
[miklb]
works great, just not sure if best value if I’m going to pay for it. Imgix might be a better value
#
[miklb]
ImageOptim is a Mac app and web service for image optimization for publishing on the web. https://imageoptim.com
#
loqi.me
created /ImageOptim (+140) "prompted by tantek and dfn added by [miklb]"
#
kaja.sknebel.net
edited /ImageOptim (+1) "linkify ('x is y. <url>.' pattern)"
#
tantek
what is Imgix
#
Loqi
It looks like we don't have a page for "Imgix" yet. Would you like to create it? (Or just say "Imgix is ____", a sentence describing the term)
#
sknebel
Imgix is https://www.imgix.com/, an image processing service and image CDN.
#
loqi.me
created /Imgix (+101) "prompted by tantek and dfn added by sknebel"
#
kaja.sknebel.net
edited /Imgix (+1) "linkify ('… is <url>' pattern)"
snarfed and KartikPrabhu joined the channel
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
[cleverdevil] #23 Cannot log in:
#
grantcodes
Yeah sorry, was a quick hack to get it working online after a server migration
#
grantcodes
if you run yarn build
#
grantcodes
then `node server` it should run on port 10008 instead
#
grantcodes
Can try the hosted version too
#
grantcodes
May need to log out and back in to update your access token with the new scopes too
KartikPrabhu joined the channel
#
grantcodes
Sweet, I'll need to update the local setup at some point so it's just the single command again.
#
[cleverdevil]
Now I get "{"error":"unauthorized","error_description":"The access token provided does not have the necessary scope for this action"}"
#
[cleverdevil]
I was able to complete the login process.
#
[cleverdevil]
But, it doesn't actually seem to work.
#
grantcodes
Did you log out and in again?
#
grantcodes
I was getting that error as well. But now it works without changing anything
#
[cleverdevil]
Yes I did.
#
grantcodes
Maybe my logout function doesn't fully clean the localstorage
#
snarfed
instagram finally pulled the trigger and announced they're killing off their old API entirely, in favor of the new graph api. https://developers.facebook.com/blog/post/2018/01/30/instagram-graph-api-updates/
#
[cleverdevil]
Same on the hosted version.
#
snarfed
no real surprises in the post except for this vague nugget: "Support for Non-Business Profiles [FUTURE]: Basic permissioning for non-business profiles will be supported in early 2019."
#
[cleverdevil]
I'll clear out the local storage.
#
snarfed
aaronpk: OYG is all scraping now, right?
#
aaronpk
"scraping" yeah
#
aaronpk
pulling the JSON from the page
#
[cleverdevil]
Nope, still failing.
#
snarfed
if it's not an API, it's scraping 😂😭
#
aaronpk
and there's that secret ?__a query string that returns json
#
[eddie]
cleverdevil it might be known
#
[cleverdevil]
(Likely is)
#
[eddie]
When I was testing your site with Indigenous I did notice it wasn’t giving me back the microsub scopes
#
[eddie]
But I thought it might have just been my login
#
[cleverdevil]
Yeah, I am guessing it almost certainly *is* Known.
#
grantcodes
Well I'm not sure how aperture handles the login scopes
#
[eddie]
Aperture didn’t bother with the scopes until a recent update a couple days ago
#
grantcodes
I'm not convinced it's known as I had that same bug, then it just started working
#
[eddie]
It returns a 40X error if the right scope isn’t found
#
grantcodes
Maybe aperture caches something it shouldn't
#
aaronpk
it caches access tokens for 5 minutes but known is probably returning a new access token on each login
#
aaronpk
it does rely on Known issuing a token with the expected scopes
#
aaronpk
s/known/the token endpoint
#
grantcodes
Well let's wait 5m and see if it works 😄
eli_oat joined the channel
#
[cleverdevil]
Looks to me like Known may not support scopes properly at all.
#
[cleverdevil]
But, who knows
KartikPrabhu joined the channel
#
aaronpk
that seems likely. maybe I can add an account setting to have Aperture disable scope checking
#
[cleverdevil]
So, looking into my database at all of the tokens, every single one just shows "post."
#
[cleverdevil]
As the full scope.
#
[cleverdevil]
Even though it clearly requests all of the right scopes (displays them upon authorize).
#
grantcodes
Ah yeah that seems like an issue. I guess my issue was just that 5m cache and yours is scopes not being returned properly
#
[cleverdevil]
Yup. I'll dig in more and see if I can fix it in Known later.
#
aaronpk
if it's storing the scopes in the database then you might be able to just change that record
#
[cleverdevil]
Yeah, it is, but I'd like to actually fix it too 🙂
#
[cleverdevil]
I think I fixed it.
#
[cleverdevil]
I'll create a PR later.
#
grantcodes
Actually speaking of this, I have a security question: My token endpoint actually just encrypts the scopes inside the access token and then decrypts the token to get the scopes again. Can anyone think of any issues with that?
#
snarfed
iirc aaronpk has written about stateless tokens like this? (couldn't find it with a few searches)
#
aaronpk
the main drawback with that kind of token is that you can't expire them without adding back state tracking
#
grantcodes
Cool thanks :) I think that's fine for me. I don't use many at one time so if I ever have a security issue I can block a client_id or just expire all tokens
#
snarfed
ok, confirmed re github permission granularity:
#
snarfed
* "oauth apps" can request read/write access to just public repos.
#
snarfed
* "github apps" can request read only vs read/write, to all repos or ones the user selects, but no way to default to public only.
#
snarfed
and the dealbreaker for github apps is, they can't access repos that a user (or org) doesn't own, or notifications, so they're not really usable for backfeed.
#
snarfed
so my tentative plan is for bridgy backfeed to request notifications and public_repo (read/write) permissions
#
snarfed
my one reservation is that notifications includes issue and PR titles (only) from private repos, which the auth prompt doesn't mention :/
#
snarfed
oh well
#
snarfed.org
edited /GitHub (+110) "/* POSSE to GitHub */ star"
eli_oat joined the channel
#
@josephfcox
Vulnerability in Telegram let attackers send malicious files while masking their real extension. Used to deploy cryptocurrency miners, more https://securelist.com/zero-day-vulnerability-in-telegram/83800/ https://pbs.twimg.com/media/DV6ZLp_WsAA1NnK.jpg
(twitter.com/_/status/963375806654418946)
#
gRegorLove
What is Telegram?
#
Loqi
Telegram is a cross-platform encrypted messaging app https://indieweb.org/Telegram
tantek, KartikPrabhu, eli_oat, AngeloGladding, tantek_, snarfed and chrisaldrich joined the channel
#
loqi.me
created /Memberful (+155) "prompted by chrisaldrich and dfn added by chrisaldrich"
#
kaja.sknebel.net
edited /Memberful (+1) "linkify ('… is <url>' pattern)"
snarfed and [eddie] joined the channel
#
[eddie]
Anyone that is familiar with h-feed parsing might want to ping Brent Simmons on micro.blog, he is trying to figure out what to do when there are two h-feeds on a page: https://micro.inessential.com/2018/02/13/say-youre-writing.html
#
KartikPrabhu
I am sure snarfed knows about this from bridgy work
#
snarfed
eh not really. bridgy only cares about items, not feeds themselves
#
snarfed
short answer seems like, if they have ids, use fragment with id
#
KartikPrabhu
snarfed: interesting