renem, isgy, AngeloGladding, kicks, [tantek], KartikPrabhu and iasai joined the channel
#GWGHmm... aaronpk's site does Accept: application/mf2+json
[eddie], AngeloGladding, KartikPrabhu, cweiske, Guest92, jeremych_ and [pfefferle] joined the channel
#@megarush1024That time you search through all the posts on your site because you know you complained about Spotify’s suggestion algo when you have a playlist on shuffle and it something lame, and you know @jage9 told you how to fix it in a Twitter reply that came back as a webmention. (twitter.com/_/status/1034332413911023616)
stevestreza, [kevinmarks], jeremych_, [pfefferle], rigelk, KevinMarks, [jgmac1106], [xavierroy], jgmac1106, [jgarber] and [tantek] joined the channel
#GWGHow do you securely store access tokens so a website can retrieve data on your behalf?
[Niklas], niklas, ben_thatmustbeme, KevinMarks and barpthewire joined the channel
#@caraudioshoppinDon't be fooled by its size or name...the MicroSub™ CP208 enclosure will provide just the right of amount of bass in this GMC Yukon! Nice choice by our friends !
#HowWePlay #JLAudio #MicroSubb #GMCYukon
Repost from @jlaudioinc (twitter.com/_/status/1034435716745490432)
#petermolnar_how large of a html file is a definite no? I'm re-evaluating of creating a scrobbles archive, but given the csv is 4.3MB, the html would easily lick the 10s of MB size if I want a single page archive
tantek__, KartikPrabhu and [cleverdevil] joined the channel
#tantek__good question petermolnar_ ! I believe aaronpk has similar issues with tracking location
#@megarush1024That time you search through all the posts on your site because you know you complained about Spotify’s suggestion algo when you have a playlist on shuffle and it something lame, and you know @jage9 told you how to fix it in a Twitter reply that came back as a webmention. (twitter.com/_/status/1034332413911023616)
#@megarush1024That time you search through all the posts on your site because you know you complained about Spotify’s suggestion algo when you have a playlist on shuffle and it something lame, and you know @jage9 told you how to fix it in a Twitter reply that came back as a webmention. (twitter.com/_/status/1034332413911023616)
#tantek__pingback OTOH does not have delete. nor do any other forms of refback (trackback, linkback whatever)
#[eddie]eli_oat: One option is also storing all the webmentions but not displaying them all publically
#tantek__so you *could* make the case that by formalizing and requiring "delete" support, webmention by default enables more/easier GDPR compliance than any of the prior alternatives
#eli_oatthat is sort of where I started to move, but then also realized that the effort wasn't really worth the benefit I'd gain
#tantek__eli_oat: indeed there are use-cases for storing but not displaying all
#tantek__e.g. muting, blocking, recording a pattern of (mis)behavior etc.
AngeloGladding joined the channel
#eli_oatI hadn't thought about the data-set value, that seems sort of fun...intriguing
#LoqiThe timeline briefly documents key IndieWeb (and influencing thereof) terms/ideas/concepts, implementations, specifications, events, and other achievements; people involved, and dates/URLs for each https://indieweb.org/timeline
#LoqiIt looks like we don't have a page for "chronological" yet. Would you like to create it? (Or just say "chronological is ____", a sentence describing the term)
#Loqichronological feed is a stream of posts in time order, typically in reverse chronological order of their published date (newest first), popularized on the web by journals and blog home pages, feed readers, and social media, until the latter switched to algorithmic feeds, frustrating many users https://indieweb.org/chronological_feed
#snarfedas another data point, when bridgy crawls h-feeds to find synd links, it rejects any HTML page over 500KB
#Loqichronological timeline is a redundant phrase (timelines are inherently chronological, because they are *time*lines) used to refer to a chronological feed https://indieweb.org/chronological_timeline
#Loqialgorithmic timeline (sometimes non-chronological timeline) is a doublespeak phrase propagated by silos (and some popular media) to refer to social media algorithmic feed feature(s), as a timeline is "a display of a list of events in chronological order"[1], whereas silos now (since 2016+) use "timeline" to refer to often out of chronological order display of aggregations of following's posts which still presentationally resemble previous chronologically ordered displays https://indieweb.org/algorithmic_timeline
#gRegorLoveYou could store it in the session instead. As I realized with indiebookclub, db storage of tokens is only really necessary if you're doing something non-interactively, like Quill's email-to-post
#LoqiA token is an identifier that apps use to authenticate between each other and sites; IndieWeb software often uses an access_token obtained via IndieAuth https://indieweb.org/token
#tantek__perhaps worth adding to a Brainstorming or FAQ section there?
#gRegorLoveYou could also periodically clear the tokens from the db.
#gRegorLoveIf you're talking about a distributed plugin writing to options table, personally I'd be nervous, just because of WP security issues (being such a big target)
#GWGBut I currently store mapbox API keys there, same discomfort
#[schmarty]GWG: as i understand it, storing API keys and other secrets as WP options is common practice. however, i feel like i have also seen plugins which create their own database tables for this purpose to keep them somewhat separated.
#GWGWell, how about the mapbox one...to auto add a map on post creation?
#GWGI don't want to make it impossible. Just not easy
#GWGI suppose I could encrypt it using the salt built into WordPress.
#GWGThen you'd need to compromise the database and a locked down file on the server
#gRegorLoveEh, they only need to compromise the server to read wp-config in that instance, still
#[schmarty]i think the general security model for WP is "if they have your database they have it all"
#tantek__right, most of these attacks come down to "only need to compromise the server"
#tantek__GWG, in general it is good to avoid 'security theater'
#tantek__where it seems like you're doing something to add security, but in practice you're not, and that "seems like" may actually be a negative in that it gives a false impression of added security
#GWGI should hide the key from being copied in the UI though
#LoqiIt looks like we don't have a page for "omnibar" yet. Would you like to create it? (Or just say "omnibar is ____", a sentence describing the term)
#pstuifzandI'm trying to build a full browser based Microsub client, but I need to everything to support CORS (Access-Control-Allow-Origin and friends)
#pstuifzandIs this something a Microsub server should support in some way?
#[grantcodes]Yeah indieauth is one of the main reason to not build everything client side. Asking microsub servers to support cors is fine, but every other website not so much
#[grantcodes]But you could just have a backend for auth
#[cleverdevil]Catching up on scrollback, with regard to storing location history, I save each batch of data from Overland, in a slightly transformed state (one line of normalized JSON data per line) in a single "object" in S3.
#[cleverdevil]Result is that I have hundreds of thousands of objects saved, but that's exactly what S3 is good for.
#[cleverdevil]Then, I have the data in the objects queryable with SQL using Athena.
#[cleverdevil]Basically treats my S3 "data lake" as a gigantic database table.