#dev 2018-03-02

2018-03-02 UTC
#
bear if your EU centric and have used Trustico for TLS Certificates you may want to change them -- https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/
#
GWG Hi bear
#
bear hi
#
GWG bear, I miss seeing you. You should come to an IWC
#
bear I have been trying to get to NY or Baltimore for one
#
bear work and life have kept me busier than I like
#
GWG Ditto. Except for the life. I am life challenged
#
bear life is challenging even when it's going well :)
#
GWG Agreed
theReal33mhz joined the channel
#
www.boffosocko.com created /wuphf (+1871) "stub page; The last word in social networking (lulz)" (view diff)
KartikPrabhu joined the channel
#
tantek wow ^^^
#
tantek should we really be linking to a rnado supplement site tho?
#
tantek.com edited /wuphf (+15) "unlink affiliate marketing site (looks too much like a spam link)" (view diff)
#
tantek !tell GWG,aaronpk remember I was asking about is there a way to auto-link flight codes to flight status pages / maps? I found this Flightaware, e.g. https://flightaware.com/live/flight/UA59
#
Loqi Ok, I'll tell them that when I see them next
#
tantek what is autolink
#
Loqi An autolink is a hyperlink that was automatically added to some text to link that text to an obvious or useful destination, like hyperlinking a URL in plaintext to the URL itself, linking hashtags to search results, and @-names to their profile pages https://indieweb.org/autolink
#
GWG tantek: There is that, yes
#
Loqi GWG: tantek left you a message 1 minute ago: remember I was asking about is there a way to auto-link flight codes to flight status pages / maps? I found this Flightaware, e.g. https://flightaware.com/live/flight/UA59
#
tantek GWG, any reason *not* to link to FlightAware?
#
GWG Not specifically. I am a contributor to them.
#
tantek.com edited /autolink (+283) "brainstorming, Flight status and tracking" (view diff)
#
tantek nice
#
tantek is it a silo?
#
GWG Just remember, that won't show historically.
#
tantek (as in, if you're contributing)
#
tantek what is FlightAware
#
Loqi Flightaware is popular flight tracking service https://indieweb.org/Flightaware
#
GWG tantek: It is, but I also contribute to FlightRadar24
#
tantek oh hey
#
GWG And I've thought about a few more
#
GWG I basically send my data to whoever accepts it
#
GWG Same with my weather station
#
tantek.com edited /Flightaware (+159) "CamelCase name, link to site, example, could be used for autolink" (view diff)
#
tantek GWG, how are you sending your data to it?
#
tantek.com moved /Flightaware to /FlightAware "canonical capitalization from their site"
#
tantek.com edited /autolink (-7) "/* Brainstorming */ linky" (view diff)
#
tantek GWG, looks like history is possible: e.g. https://flightaware.com/live/flight/UAL59/history/20180228/1150Z/EDDF/KSFO
#
tantek looks like you need the departure date, time in Z, four letter airport from, four letter airport too
#
tantek to*
#
GWG I thought they limited that. Will have to look
[kevinmarks] joined the channel
#
[kevinmarks] Mention of a different Indie group in this https://mtlynch.io/why-i-quit-google/
#
tantek kevinmarks, seems like a critique of "metrics driven" promotions
#
tantek wow: "If the promotion committee doesn’t reward bugfixing or team support work, why was I doing that?"
tantek joined the channel
#
tantek.com edited /indie (+16) "/* Prefix */ indieauth" (view diff)
#
tantek what is Indie Hackers
#
Loqi It looks like we don't have a page for "Indie Hackers" yet. Would you like to create it? (Or just say "Indie Hackers is ____", a sentence describing the term)
#
tantek Indie Hackers is https://www.indiehackers.com/ an online forum (no relation to IndieWeb or IndieWebCamp) of founders working on profitable businesses and side projects, that was notably mentioned in [https://mtlynch.io/why-i-quit-google/ Why I Quit Google to Work for Myself], a blog post detailing why a 4 year [[Google]] employee quit to pursue independent ventures.
#
Loqi ok
#
loqi.me created /Indie_Hackers (+395) "prompted by tantek and dfn added by tantek" (view diff)
#
kaja.sknebel.net edited /Indie_Hackers (+2) "linkify ('… is <url>' pattern)" (view diff)
#
tantek worth at least defining to clarify no relation to despite the name
renem, KartikPrabhu and ancarda joined the channel
#
@franckpaul @elpep alors que t’allais justement ouvrir les commentaires et les pingbacks/webmentions, c’est ballot :-p (twitter.com/_/status/969425304052813824)
mifga, deathrow1, voxpelli, ScalaWilliam, snarfed, tantek, MylesBraithwaite, maingo and kapowaz joined the channel
#
tantek.com edited /chat.indieweb.org (-184) "r" (view diff)
#
tantek.com edited /discuss (+14) "chat logs source link" (view diff)
[eddie], tantek, leg, cweiske, AngeloGladding and [kevinmarks] joined the channel
#
[kevinmarks] unicode << https://mathiasbynens.be/notes/javascript-unicode
#
Loqi ok, I added "https://mathiasbynens.be/notes/javascript-unicode" to a brand new "See Also" section of /wide_unicode
#
loqi.me edited /wide_unicode (+69) "[kevinmarks] added "https://mathiasbynens.be/notes/javascript-unicode" to "See Also"" (view diff)
#
Zegnat unicode << https://mathiasbynens.be/notes/mysql-utf8mb4
#
Loqi ok, I added "https://mathiasbynens.be/notes/mysql-utf8mb4" to the "See Also" section of /wide_unicode
#
Zegnat wait, why does unicode redirect to wide_unicide?
#
Zegnat what is unicode?
#
Loqi Unicode is a standard for encoding characters (letters, numbers, etc) in computer data https://indieweb.org/Unicode
#
Zegnat what is wide_unicode?
#
Loqi wide unicode is a term for Unicode high code points with ordinals greater than 16 bits, ie above the Basic Multilingual Plane https://indieweb.org/wide_unicode
#
cweiske what is unicide?
#
Loqi It looks like we don't have a page for "unicide" yet. Would you like to create it? (Or just say "unicide is ____", a sentence describing the term)
#
Zegnat Misspelling cweiske ;)
#
Zegnat Odd, it looks as if Loqi’s See Also appending uses a different keyword resolving from the what is...
#
Zegnat !tell aaronpk It seems like Loqi uses a case-insensitive page matching to answer “what is ____” questions, but uses the first MediaWiki search result for appending with <<. This means that appending to e.g. “unicode” goes to a different page than “what is unicode?” links to.
#
Loqi Ok, I'll tell them that when I see them next
#
vanderven.se martijn edited /Unicode (+717) "Add 2 great articles by Mathias on using unicode in [[JavaScript]] and [[MySQL]]. h/t {{kevinmarks}}" (view diff)
#
vanderven.se martijn edited /wide_unicode (-10) "Remove See Alsos (moved to [[Unicode]] proper), link to Unicode page, add alternative names for high code points." (view diff)
barpthewire, jeremycherfas and deathrow1 joined the channel
#
tommorris.org edited /site-deaths (+167) "/* 2017 */ adding Tribe.net" (view diff)
eli_oat, eli_oat1, [miklb], jjuran, [kevinmarks], KartikPrabhu, [chrisaldrich] and chrisaldrich joined the channel
#
petermolnar_ ::grumble... too many channels... :::
#
KartikPrabhu :P
#
[miklb] afaik php > 7 has its own built in opcache, but it’s not my area of expertise, I’ve just done a fair bit of research
#
petermolnar_ php 5.5 brought it
#
petermolnar_ actually, 5.4 but it was not on by default
#
[miklb] ok, so your point?
#
petermolnar_ PHP has a layer, called opcode cache, which is, in essence, a PHP compiled code cache; this was APC, now the OpCache
#
[miklb] yes…
#
petermolnar_ WordPress has a "cache", which is a gigantic, global variable
#
[miklb] please go on…
#
petermolnar_ when this cache is stored in an external something - let it be memcache, redis, apcu -, that is referred to as wordpress opcache
#
petermolnar_ however, all the plugins I tried utilising this eventually slowed wp down
#
petermolnar_ depending on how large that in-memory cache object is
#
petermolnar_ if you didn't experience this, that is a good sign, and I'm curious which plugin is achieving it
#
petermolnar_ I couldn't make this running, not even with APCu, which is, in theory, closer to PHP, than Redis (no networking involved)
#
[miklb] https://wordpress.org/plugins/redis-cache/
#
Loqi [Till Krüss] Description A persistent object cache backend powered by Redis. Supports Predis, PhpRedis (PECL), HHVM, replication, clustering and WP-CLI. To adjust the connection parameters, prefix cache keys or configure replication/clustering, please see Other ...
#
petermolnar_ if it works fine for you, it's ok; again, any time I tried any of these, for me, it just made things slower
#
[miklb] and by the same author, for clearing nginx cache https://wordpress.org/plugins/nginx-cache/
#
Loqi [Till Krüss] Description Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress. Requirements: The Filesystem API needs to function without asking for credentials. Nginx and PHP need to run under the same u...
#
petermolnar_ I might have abused something with theming/plugins I wasn't aware
#
[miklb] so a combination of those two things plus google_page_speed to hack in some criticalcss among a few other tweaks, plus doing some subsetting and deferring font loading, I’m pretty pleased with my performance as to page load times.
#
petermolnar_ I'm glad it works for you
#
[miklb] I just started using ImageOptim API for image optimization for uploads before being offloaded to serve from my S3/cloudfront
#
petermolnar_ there used to be some image optimisation plugin I was quite happy with: https://wordpress.org/plugins/cw-image-optimizer/ but it needed littleutils and exec(?) to be allowed if I remember correctly
#
Loqi [Jacob Allred] Description The CW Image Optimizer is a WordPress plugin that will automatically and losslessly optimize your images as you upload them to your blog. It can also optimize the images that you have already uploaded in the past. Because CW Image Optimi...
#
[miklb] I think I looked at that briefly then saw it hadn’t been updated in a while and passed. I’ll take a closer look.
#
petermolnar_ I didn't like the idea of passing all images through an api and this was local
#
petermolnar_ but I haven't used it in many years
#
www.amitgawande.com edited /Webmention (+252) "/* IndieWeb Examples */" (view diff)
#
[miklb] I did think about that, but I’m only posting public photos anyway. I’ve used the ImageOptim Mac app for a long time, so there’s a certain trust/familiarity that I have. But all locally would be ideal.
#
www.amitgawande.com uploaded /File:amit-webmentions-comment.png "Displaying webmentions as comments on amitgawande.com https://indieweb.org/File:amit-webmentions-comment.png"
snarfed, [kevinmarks], tantek and [eddie] joined the channel
#
www.boffosocko.com created /bus_factor (+322) "prompted by chrisaldrich" (view diff)
#
snarfed.org edited /bus_factor (+257) "open source" (view diff)
#
sknebel !tell manton: since you already recommend dnsimple for micro.blog (http://help.micro.blog/2015/custom-domains/), you should also add it to their service templates so people have an easier time configuring it! see https://github.com/dnsimple/dnsimple-services#fields
#
Loqi Ok, I'll tell them that when I see them next
#
www.svenknebel.de edited /web_hosting (-13) "/* Custom domain silos */ linkfix squarespace docs" (view diff)
[snarfed], tomasparks and jjuran joined the channel
#
aaronpk so close to being able to move off of IRC for reading
#
Loqi aaronpk: tantek left you a message 16 hours, 55 minutes ago: remember I was asking about is there a way to auto-link flight codes to flight status pages / maps? I found this Flightaware, e.g. https://flightaware.com/live/flight/UA59
#
Loqi aaronpk: Zegnat left you a message 9 hours, 55 minutes ago: It seems like Loqi uses a case-insensitive page matching to answer “what is ____” questions, but uses the first MediaWiki search result for appending with <<. This means that appending to e.g. “unicode” goes to a different page than “what is unicode?” links to.
#
www.boffosocko.com edited /social_media_fatigue (+234) "article: How many social media related accounts can one person have on the web?!; emojicon: weary face" (view diff)
#
www.boffosocko.com edited /acquisition (+181) "my recent example" (view diff)
tantek, snarfed, KartikPrabhu and leg joined the channel
#
[miklb] tantek what was the wiki page you asked me to look at? Slack is still flaky about notifications from IRC
#
tantek no prob
#
tantek what is algorithmic timeline
#
Loqi algorithmic timeline (sometimes non-chronological timeline) is a doublespeak phrase propagated by silos (and some popular media) to refer to social media algorithmic feed feature(s), as a timeline is "a display of a list of events in chronological order"[1], whereas silos now (since 2016+) use "timeline" to refer to often out of chronological order display of aggregations of following's posts which still presentationally resemble previous chronologically ordered displays https://indieweb.org/algorithmic_timeline
#
[miklb] no disagreements from me & I don’t think it is as opinionated as it is supported by fact
#
tantek appreciate your review!
#
loqi.me created /two_factor_authorization (+106) "prompted by tantek and dfn added by bear" (view diff)
#
tantek noooo
#
loqi.me edited /two_factor_authorization (+45) "bear added "two factor authentication" to "See Also"" (view diff)
leg joined the channel
#
tantek bear, interesting, Wikipedia has settled on multi-factor authentication as the canonical phrase
#
bear they can if they want
#
tantek https://en.wikipedia.org/wiki/Multi-factor_authentication
#
bear the A in 2FA is meant to authenticate the user as being who they are - authorization would be what they are allowed to do, not who they are
#
[miklb] bear++
#
Loqi bear has 22 karma in this channel (198 overall)
#
tantek I can't tell if you're agreeing or arguing bear
#
bear i'm disagreeing with what wikipedia is saying
#
bear "two factor authentication"
#
bear when I type in the numbers from TOTP app I am providing a secondary means of authentication as to my identity
#
bear which is a distinct step of then determining what i'm authorized to do
#
tantek I'm confused how you're disagreeing since you said "authentication" and WP also says that
#
bear hold on - i'm trying to be fast and may have just blundered mightily
#
bear it's authentication - I think I misunderstood you saying that wikipedia was suggesting "authorization" as being canonical
#
tantek there was a difference but not that
#
tantek WP decided in "multi-factor" rather than "two-factor" as canonical
#
tantek decided *on
#
bear my adding the see-also was to get the link in place so I could fix the page that said "two factor authorization" to be a comment about it not being accurate and a redirect
#
bear yes, multi-factor is better for two-factor is common enough to still be accurate IMO
#
bear apologies for thinking I could help here while also dealing with Github DDoS secondary issues
#
tantek ok I'll move our page accordingly
#
tantek wait what another GitHub DDoS?!?
#
bear they have been getting hit multiple times today and yesterday
#
tantek GitHub has been getting hit themselves?
#
tantek ok that's different than when their JS was hijacked
#
bear yea, this is a ddos against their infra - it's causing rippling degradations with all of the stuff we regularly interact with
leg joined the channel
#
tantek.com moved /Two-factor_authentication to /multi-factor_authentication "good enough for wikipedia, plus bear said it was ok :)"
#
bear :)
#
tantek.com edited /multi-factor_authentication (+115) "fix dfn, remove SMS from dfn as it's one of the weakest second factors" (view diff)
#
tantek what is multi-factor
#
Loqi It looks like we don't have a page for "multi-factor" yet. Would you like to create it? (Or just say "multi-factor is ____", a sentence describing the term)
#
tantek multi-factor is /multi-factor_authentication
#
Loqi ok
#
loqi.me created /multi-factor (+40) "prompted by tantek and redirect added by tantek" (view diff)
#
tantek what is two-factor
#
Loqi It looks like we don't have a page for "two-factor" yet. Would you like to create it? (Or just say "two-factor is ____", a sentence describing the term)
#
tantek two-factor is /multi-factor_authentication
#
loqi.me created /two-factor (+40) "prompted by tantek and redirect added by tantek" (view diff)
#
Loqi ok
#
tantek bear do people use MFA as an abbr then?
#
bear 2FA more than MFA - but yes
#
Zegnat The open protocol for USB fibs like YubiKey also goes with the “2” version, IIRC? U2F?
#
Zegnat What is U2F?
#
Loqi Universal 2nd Factor (AKA U2F) is a standard for two-factor authentication using hardware tokens https://indieweb.org/U2F
theReal33mhz joined the channel
#
tantek.com edited /two_factor_authorization (-110) "r" (view diff)
#
tantek.com edited /micro.blog (-13) "s/platform/service" (view diff)
KartikPrabhu, [chrisaldrich], snarfed, jjuran and [kevinmarks] joined the channel
#
tantek what is Trustico
#
Loqi It looks like we don't have a page for "Trustico" yet. Would you like to create it? (Or just say "Trustico is ____", a sentence describing the term)
#
tantek what is Comodo
#
Loqi It looks like we don't have a page for "Comodo" yet. Would you like to create it? (Or just say "Comodo is ____", a sentence describing the term)
#
tantek well then I'll just leave this year in case anyone had/has certs from them: https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/
#
tantek another one for you bear :)
#
tantek the punchline is amazing BTW
#
tantek starting with "Update: Several hours after this post went live, ..."
snarfed, chrisaldrich and jjuran joined the channel
#
@swentel If you see this on Twitter, then it means http://brid.gy is able to publish this from my site after sending a webmention :) #indieweb (https://realize.be/notes/1217) (twitter.com/_/status/969687313319190528)
#
www.boffosocko.com edited /issue (+419) "specific example of an issue (instead of just a reply) and example of first backfed response via Bridgy" (view diff)
[miklb] and barpthewire joined the channel
#
tantek.com edited /Vero (+582) "dfn grammar, quick abandonment, criticism" (view diff)
leg joined the channel
#
tantek.com edited /Share_Backported (+10) "dfn g" (view diff)
#
tantek.com edited /bus_factor (+37) "subhead how to mitigate" (view diff)
#
tantek.com edited /bus_factor (+25) "or service" (view diff)
#
tantek.com edited /timeline_review (-6) "dfn g" (view diff)
#
tantek not perfect, but improved / good enough
#
gRegorLove wow, tantek. that's crazy about the cert private key
#
gRegorLove What is vero?
#
Loqi Vero is an Instagram-like social network that is free for now but claims to be pursuing a model sustained by yearly fees and fees from in-app product sales instead of normal advertising models, and has been gaining publicity in February 2018, as well as quick public abandonment with the hashtag #deletevero https://indieweb.org/Vero
#
theReal33mhz haha. Bus factor. I'm working on that. A leadership team has started meeting monthly, but it's still necessarily a benevolent dictatorship at pnut.io.
#
Loqi rofl
#
gregorlove.com edited /Vero (+657) "/* Criticism */ Alleged labor violations by CEO" (view diff)
#
tantek whoa
#
bear yea, the Trustico, Comodo story is just so full of sadness
[eddie] joined the channel
#
[eddie] !tell aaronpk: what’s still holding you back from going full 💯 Microsub?
#
Loqi Ok, I'll tell them that when I see them next
#
tantek bear is it worth documenting for us? for /HTTPS etc.? where to (not) get certs?
#
bear that list would be very hard to keep current - I would rather document where to go to find out if your vendor is trusted
#
tantek yeah
#
bear i'm asking some secops friends what they use
#
snarfed default answer for average needs is now probably lets encrypt, right?
#
bear that is what I would go with
#
bear the "average" Indieweb person is 100% ok with sticking with LetsEncrypt
#
bear so the short list from them is : LetsEncrypt for everything unless you need a wildcard, then it's Comodo or Digicert
#
bear the problem with Comodo is more with it's resellers than them
#
tantek bear, in case you want to contribute: https://en.wikipedia.org/wiki/Trustico
#
Loqi Trustico
#
tantek https://en.wikipedia.org/wiki/Comodo_Group is interesting too
#
Loqi Comodo Group, Inc.
eli_oat and [kevinmarks] joined the channel
#
bear yea, Comodo almost lost it's ability to issue certs from past behaviour
#
www.boffosocko.com edited /content_management_system (+292) "WordPress tweaks for plugins and users" (view diff)
#
[miklb] so as Google pushes https everywhere, the flaws in certs are even more exposed?
#
bear yes - more eyes means more of the little details that used to be overlooked are visible
#
tantek that's good right?
#
bear it's always good IMO
#
[miklb] sunlight is best disinfectant they say.
#
bear FUD thrives in the dark
eli_oat and leg joined the channel