2018-05-20 UTC
KartikPrabhu, eli_oat, renem, gRegorLove and [grantcodes] joined the channel
# 04:10 [grantcodes] It now has a popout editor for certain stuff, and it is better at generating previews for new posts snarfed joined the channel
AngeloGladding, jeremycherfas, renem and KartikPrabhu joined the channel
# 08:19 Zegnat jeremycherfas++ for asking phoneboy to document the spam he saw! Was about to do the same, but you beat me to it # 08:19 Loqi jeremycherfas has 11 karma in this channel (25 overall) tglobe and swentel joined the channel
# 11:33 dgold yeah, I've had webmentions for quite some time, and am yet to receive a single spam # 11:34 sknebel might have been via bridgy or pingback. we'll see. # 11:53 dgold I've started anonymizing nginx logs using this scheme: # 11:53 dgold I'd love anyone's inpit into how I can make that better barpthewire joined the channel
# 12:02 dgold oh, it doesn't, it just makes them into .0.0 # 12:03 sknebel I guess a regex is the best way, given the data made available in the config, even though it seems quite wasteful # 12:06 dgold :) I just got to that page and came here to mention it # 12:12 dgold I amended that slightly, so as to only take the first two octets from the dotted quad # 12:32 Zegnat Now add some relatively short-term log rotation to that? leg, eli_oat, jjuran, snarfed, [miklb] and tglobe joined the channel
# 16:42 Zegnat Your webmentions section seems to assume the original writer is sending the webmention though? Which doesn’t have to be the case. (I made to same comment to sgreger.) # 16:47 dgold I accept that as an issue; however the same facts pertain - my site only captures publicly available information # 16:54 [miklb] you’ve convinced me to implement that EFF DNT dgold # 16:59 dgold excellent, [miklb], if I can help any, just call # 17:03 [miklb] I’ve been meaning to take a look at logging anyway, I just use default nginx settings, seems like a good rainy day project. (Related, it’s raining here today.) iasai joined the channel
# 17:08 sknebel I need to build an embed-clickthrough thing ot finish that project Zegnat, AngeloGladding and swentel joined the channel
# 17:31 Zegnat Yeah, definitely doesn't change the effect of the policy dgold, just thought I'd note it :-) iasai and KartikPrabhu joined the channel
# 18:03 bear curious about the conversation on nginx logging # 18:04 bear just learning it or tweaking it for some privacy thing? snarfed, maingo, eli_oat, wagle, romangeeko, [jgmac1106], barpthewire, eli_oat[m], oodani, deathrow1, pstuifzand, jjuran, schmarty and grantcodes joined the channel
# 18:50 bear cool - I read your article, nicely done. I'm implementing most of them now as my rainy day activity also # 18:50 dgold restricting the log to the first two bytes/hexes of an IP # 18:51 bear yea, I was wondering if the first two quads would give enough info, but then I realized that I have never worried about the incoming IP at all :) # 18:52 bear the biggest thing for me was realizing that I was not using no-referrer tglobe joined the channel
# 18:53 dgold bear: I was also a little concerned about that, and came to the same realization # 18:54 dgold damnation, missed a chunk of the nginx logging bit # 18:54 bear yea, so it's enough to do local debugging (like incoming webmention debugging) but not enough to track folks # 18:57 sknebel yeah. I didn't have issues with too many requests from individual IPs etc either, so need to have the full logs for blocking. and if it appears, I can adjust my policy appropriately (e.g. log suspicious subnets, or keep additional short-term logs to identify repeat offenders) # 18:58 dgold sknebel: I can turn back on full stream logging if necessary # 18:58 sknebel exactly, I see no need to not do that only when necessary # 18:59 sknebel the referrer is interesting, I wouldn't have seen it as a relevant leak on a pure webpage, but I guess it is some information # 19:00 sknebel and I personally don't use incoming referrers eithers, despite having considered it a few times iasai joined the channel
# 19:00 dgold yeah, I stripped that from my logs ages ago # 19:01 dgold again, should I need to, i can just take out the `_anon` from the log_format in the server, and et voila, its all back again # 19:02 bear I left both definitions in - will be easy to swap # 19:03 sknebel I considered at some point to basically treat referrers as incoming WMs swentel joined the channel
snarfed, [jeremycherfas] and KartikPrabhu joined the channel
# 20:38 bear dgold++ for having a great page with info on how to do it # 20:38 Loqi dgold has 20 karma in this channel (48 overall) [kevinmarks] and [miklb] joined the channel
# 21:50 [miklb] is the idea of using no-referrer because you send webmentions? # 22:09 Zegnat I am not sure what browser referrer headers have to do with webmentions? deathrow1 joined the channel
# 22:14 GWG I am still wondering of storing IP addresses for webmentions has any practical benefits # 22:33 [miklb] Zegnat, you’re right, upon second thought, it doesn’t really. I suppose I was just thinking, if I’m linking to your site, I send a webmention, that way you know I’ve linked to you. Without that, you may not know otherwise if my referrer header is sent as no-referrer. I believe at least that’s what that means. # 22:34 [miklb] would obviously only know that if someone follows the link. KartikPrabhu and snarfed joined the channel
[grantcodes] Alrighty! More updates to the inline micropub client!
@andrewsreading ✌ @Reading "The Indieweb privacy challenge (Webmentions, silo backfeeds, and the GDPR) // Sebastian Greger" http://ing.am/p/4YUq (twitter.com/_/status/998053820545536001)
@PhoneBoy Well that was fun, deleting the spam webmentions from my http://micro.blog hosted on WordPress. 😒 https://microblog.phoneboy.com/2018/05/19/981/ (twitter.com/_/status/998069338585251840)
sknebel https://stackoverflow.com/questions/6477239/anonymize-ip-logging-in-nginx has a solution for ipv6 too
dgold wrote it all up here: https://ascraeus.org/page/privacy/
@BlogPasCher Trackbacks vs Pingbacks vs Webmentions pour WordPress #themewordpress #pluginswordpress #tutorielwordpress http://rviv.ly/v7zR5I (twitter.com/_/status/998241387828207617)
bear make sure to add yourself to the https://indieweb.org/disclosure page
[miklb] Zegnat, you’re right, upon second thought, it doesn’t really. I suppose I was just thinking, if I’m linking to your site, I send a webmention, that way you know I’ve linked to you. Without that, you may not know otherwise if my referrer header is sent as no-referrer. I believe at least that’s what that means.