#dev 2019-08-11

2019-08-11 UTC
[fluffy], KartikPrabhu, jjuran, [tantek], [Michael_Beckwit, Loqi, cameronbrown[m], RDeckardDiscord[, TH0RynDiscord[m], pbvieDiscord[m], tobowersDiscord[, eddy[m], Valium[m], RockSteadyTRTL[m, RealityDiscord[m, jimpick[m], myfreeweb, johanherman[m]1, postablesDiscord, MesaDiscord[m], EugeneDiscord[m], lyonDiscord[m], UserDiscord[m], grvhiDiscord[m], Rick[m], Guest8644, cristobalDiscor4, codynhatDiscord[, zoink92Discord[m, baluptonDiscord[, eddyDiscord[m], DendiDiscord[m], tangoDiscord[m], macerbi[m]1, sfroment[m], rozgoDiscord[m], drbh[m], nofwayyDiscord[m, XierumengDiscord, SweatDiscord[m], h2Discord[m], chmanieDiscord[m, enricomarino[m], drshamoonDiscord, Turtle1331Discor, hvergaraDiscord[, SchwartzDiscord[, gregjeanmartDisc, oed3[m], JungleHeartDisco, kevinbird15Disco, mZDiscord[m]1, malaclypsDiscord, KYZITEMELOS93Dis, jenncloudDiscord, chmanieDiscord[4, andrewxhill[m], strugee, Lolicon[m], j4y_funabashi[m], pierrebocDiscord, RealSnazzyDiscor, marcusrbrownDisc, M011000100111010, rittmeDiscord[m], cyluDiscord[m], Kongaloosh, jmac, jeremycherfas, rainmanjam, IWSlackGateway and rainmanj_ joined the channel
#
jacky
getting errors from Instagram
#
jacky
wonder if it's just some passive rate limit kind of thing
#
aaronpk
I hope that's it, and not related to their most recent crackdown
IWSlackGateway joined the channel
#
jacky
also re: ownyourgram
#
jacky
actually lemme confirm this
#
jacky
yeah it's using multi-part uploads without requesting the `media` scope
#
jacky
yeah I think I might have to log out and log in again maybe to see if it needs to re-request the scopes
#
jacky
nope still only that
#
jacky
thinks he might have to adjust his site to allow for uploads to occur even if they're URL-based ones
#
jacky
that was a bit of paranoia of me not wanting random uplaods
#
jacky
*uploads
#
aaronpk
I should make ownyourgram request "media" scope too tho
#
Loqi
[jalcine] #83 Update auth.php to also require 'media' scope
#
aaronpk
yes exactly like that haha
#
jacky
aaronpk++
#
Loqi
aaronpk has 43 karma in this channel over the last year (197 in all channels)
#
jacky
lol now my site's complaining about something I forgot I had in there
#
jacky
`error: too_many_media_types`
#
aaronpk
what does that mean?
#
jacky
it was a silly patch I had
#
jacky
to not upload more than one media type at a time
BenLubar, IWSlackGateway and [Rose] joined the channel
#
[Rose]
So I've just discovered I have a subdomain called "Auth", and when I go there I just get "Nope" as a response
#
[Rose]
Intriguing
#
[Rose]
Apparently it was a pass through for OAuth 2.0 to Shortcuts
IWSlackGateway, loicm, gxt, [KevinMarks], jgmac1106, vika_nezrimaya, [Lewis_Cowles], [svandragt] and [eddie] joined the channel
#
shrysr
KartikPrabhu: Thank you. I was aware of the post. I wanted to actually use the webmentions.io app hosted locally for a Hugo website. In any case, I have paused that and switched back to WordPress. Thanks to some excellent help in the #indieweb-wordpress channel, I have almost got it all set up.
[KevinMarks] and [snarfed] joined the channel
#
[snarfed]
bridgy instagram is still fine, eg https://brid.gy/instagram/aaronpk polled successfully just an hr ago. cc aaronpk jacky
[tantek], [Lewis_Cowles], [grantcodes], [fluffy] and [eddie] joined the channel
#
vika_nezrimaya
Oh well, I really did forget the crude pipeline I used in the past to make my website work
#
vika_nezrimaya
wait
#
vika_nezrimaya
nononononono it should be a very old version
#
vika_nezrimaya
where are my files?!!!
#
vika_nezrimaya
oh I found them
[Rose] joined the channel
#
vika_nezrimaya
As a debugging aid, I added to my software a dangerous ability to run WITHOUT access control. Gated behind an undocumented parameter that accepts only a specific string, prints around 10 lines in the log if the parameter is set to ANYTHING beyond that specific string, and crashes the software. And even if you put the string there, it still prints a CRITICAL-level warning in the logs :3
#
vika_nezrimaya
I think this is fool-proof enough
#
vika_nezrimaya
I may have to add a fake invocation of `rm -rf / --no-preserve-root` to it if it isn't scary enough :3
#
vika_nezrimaya
but do you think it's scary enough?
#
[fluffy]
I’d worry about people who are acting maliciously and see this action being possible. They don’t care about warnings if they just want to make trouble.
#
vika_nezrimaya
Well, that needs access to the config file
#
vika_nezrimaya
and at this stage you're kinda screwed anyway
#
vika_nezrimaya
'cause I can just do `redis-cli flushall` and wipe your whole DB out
#
vika_nezrimaya
or do even more malicious things
#
vika_nezrimaya
@fluffy so while you have a point - this IS usable maliciously - the malicious actors could do it anyway by stealing DB credentials
#
vika_nezrimaya
and they are in the config...
#
vika_nezrimaya
yeah, I didn't clarify that it's a config parameter
#
vika_nezrimaya
sorry :3
#
vika_nezrimaya
no undocumented query arguments to Micropub endpoint itself are accepted
#
vika_nezrimaya
ugh
#
shrysr
voxpelli: how do I get the indieauth token for using the editorial app?
#
vika_nezrimaya
YAY, IMPORT WORKED!!!
#
Loqi
giggles
#
vika_nezrimaya
Now I only need to write a renderer and I'll have read-only.
[schmarty], jgmac1106, jeremycherfas, KartikPrabhu and [tantek] joined the channel