#dev 2019-08-11

2019-08-11 UTC
[fluffy], KartikPrabhu, jjuran, [tantek], [Michael_Beckwit, Loqi, cameronbrown[m], RDeckardDiscord[, TH0RynDiscord[m], pbvieDiscord[m], tobowersDiscord[, eddy[m], Valium[m], RockSteadyTRTL[m, RealityDiscord[m, jimpick[m], myfreeweb, johanherman[m]1, postablesDiscord, MesaDiscord[m], EugeneDiscord[m], lyonDiscord[m], UserDiscord[m], grvhiDiscord[m], Rick[m], Guest8644, cristobalDiscor4, codynhatDiscord[, zoink92Discord[m, baluptonDiscord[, eddyDiscord[m], DendiDiscord[m], tangoDiscord[m], macerbi[m]1, sfroment[m], rozgoDiscord[m], drbh[m], nofwayyDiscord[m, XierumengDiscord, SweatDiscord[m], h2Discord[m], chmanieDiscord[m, enricomarino[m], drshamoonDiscord, Turtle1331Discor, hvergaraDiscord[, SchwartzDiscord[, gregjeanmartDisc, oed3[m], JungleHeartDisco, kevinbird15Disco, mZDiscord[m]1, malaclypsDiscord, KYZITEMELOS93Dis, jenncloudDiscord, chmanieDiscord[4, andrewxhill[m], strugee, Lolicon[m], j4y_funabashi[m], pierrebocDiscord, RealSnazzyDiscor, marcusrbrownDisc, M011000100111010, rittmeDiscord[m], cyluDiscord[m], Kongaloosh, jmac, jeremycherfas, rainmanjam, IWSlackGateway and rainmanj_ joined the channel
# 04:55 
jacky getting errors from Instagram
# 04:55 
jacky https://brid-gy.appspot.com/like/instagram/jackyalcine/2103603892104637371_199996853/189947111
# 04:55 
aaronpk ohno
# 04:56 
jacky wonder if it's just some passive rate limit kind of thing
# 04:57 
aaronpk I hope that's it, and not related to their most recent crackdown
IWSlackGateway joined the channel
# 05:26 
jacky also re: ownyourgram
# 05:26 
jacky actually lemme confirm this
# 05:26 
jacky yeah it's using multi-part uploads without requesting the `media` scope
# 05:27 
aaronpk orly?
# 05:27 
jacky yeah I think I might have to log out and log in again maybe to see if it needs to re-request the scopes
# 05:28 
jacky nope still only that
# 05:29 
jacky thinks he might have to adjust his site to allow for uploads to occur even if they're URL-based ones
# 05:29 
jacky that was a bit of paranoia of me not wanting random uplaods
# 05:29 
jacky *uploads
# 05:29 
aaronpk I should make ownyourgram request "media" scope too tho
# 05:32 
jacky like this? https://github.com/aaronpk/OwnYourGram/pull/83 😉
# 05:32 
Loqi [jalcine] #83 Update auth.php to also require 'media' scope
# 05:33 
aaronpk done
# 05:33 
aaronpk oops
# 05:33 
aaronpk yes exactly like that haha
# 05:33 
jacky lol
# 05:33 
jacky welp
# 05:38 
jacky aaronpk++
# 05:38 
Loqi aaronpk has 43 karma in this channel over the last year (197 in all channels)
# 05:39 
jacky lol now my site's complaining about something I forgot I had in there
# 05:40 
jacky `error: too_many_media_types`
# 05:42 
aaronpk what does that mea?
# 05:42 
aaronpk n
# 06:12 
jacky it was a silly patch I had
# 06:12 
jacky to not upload more than one media type at a time
BenLubar, IWSlackGateway and [Rose] joined the channel
# 07:59 
[Rose] SO I've just discovered I have a subdomain called "Auth", and when I go there I just get "Nope" as a response
# 07:59 
[Rose] Intriguing
# 08:01 
[Rose] Apparently it was a pass through for OAuth 2.0 to Shortcuts
IWSlackGateway, loicm, gxt, [KevinMarks], jgmac1106, vika_nezrimaya, [Lewis_Cowles], [svandragt] and [eddie] joined the channel
# 15:51 
shrysr KartikPrabhu: Thank you. I was aware of the post. I wanted to actually use the webmentions.io app hosted locally for a hugo website. In any case, I have paused that and switched back to wordpress. Thanks to some excellent help in the #indieweb-wordpress channel , i have almost got it all set up.
[KevinMarks] and [snarfed] joined the channel
# 16:00 
[snarfed] bridgy instagram is still fine, eg https://brid.gy/instagram/aaronpk polled successfully just an hr ago. cc aaronpk jacky
[tantek], [Lewis_Cowles], [grantcodes], [fluffy] and [eddie] joined the channel
# 18:19 
vika_nezrimaya Oh well, I really did forget the crude pipeline I used in the past to make my website work
# 18:19 
vika_nezrimaya wait
# 18:19 
vika_nezrimaya nononononono it should be a very old version
# 18:19 
vika_nezrimaya where are my files?!!!
# 18:20 
vika_nezrimaya oh I found them
[Rose] joined the channel
# 19:14 
vika_nezrimaya As a debugging aid, I added to my software a dangerous ability to run WITHOUT access control. Gated behind an undocumented parameter that accepts only a specific string, prints around 10 lines in the log if the parameter is set to ANYTHING beyond that specific string, and crashes the software. And even if you put the string there, it still prints a CRITICAL-level warning in the logs :3
# 19:14 
vika_nezrimaya I think this is fool-proof enough
# 19:15 
vika_nezrimaya I may have add a fake invocation of `rm -rf / --no-preserve-root` to it if it isn't scary enough :3
# 19:15 
vika_nezrimaya but do you think it's scary enough?
# 19:32 
[fluffy] I’d worry about people who are acting maliciously and see this action being possible. They don’t care about warnings if they just want to make trouble.
# 19:34 
vika_nezrimaya Well, that needs access to the config file
# 19:34 
vika_nezrimaya and at this stage you're kinda screwed anyway
# 19:34 
vika_nezrimaya 'cause I can just do `redis-cli flushall` and wipe your whole DB out
# 19:34 
vika_nezrimaya or do even more malicious things
# 19:36 
vika_nezrimaya @fluffy so while you have a point - this IS usable maliciously - the malicious actors could do it anyway by stealing DB credentials
# 19:36 
vika_nezrimaya and they are in the config...
# 19:37 
vika_nezrimaya yeah, I didn't clarify that it's a config parameter
# 19:37 
vika_nezrimaya sorry :3
# 19:37 
vika_nezrimaya no undocumented query arguments to Micropub endpoint itself are accepted
# 19:38 
vika_nezrimaya ugh
# 19:40 
shrysr voxpelli: how do I get the indieauth token for using the editorial app ?
# 19:43 
vika_nezrimaya YAY, IMPORT WORKED!!!
# 19:43 
Loqi giggles
# 19:48 
vika_nezrimaya Now I only need to write a renderer and I'll have read-only.
[schmarty], jgmac1106, jeremycherfas, KartikPrabhu and [tantek] joined the channel