#dev 2020-04-02

2020-04-02 UTC
#
jacky I'm actually planning to have someone audit Koype when I start getting some initial customers for the hosted solution
#
jacky but eh, if I can use a open solution over a bigco one, I'll try - easier to see if they're vacuuming data or opening it up for others to do it "for product excellence"
#
[tantek] all good points snarfed
#
[tantek] I've definitely poked people to review bunches of the IndieAuth / RelMeAuth code over time, and I know at least some of the old RelMeAuth libraries (PHP) got review back in the day (like early 2010s)
#
[tantek] The other point you made is the fact that your custom one-off code for your site is unlikely to attract the attention of someone looking for an exploit
#
[tantek] there's a certain "code diversity" argument to be made as a mitigation against broad-spectrum based attacks
#
[tantek] similar to genetic diversity and mitigating vulns to infectious diseases
#
[tantek] of course that doesn't mean your site is "technically" secure, only secure from a time investment / obscurity perspective (which is still *a* measure of security even if not really a great one)
#
[tantek] and of course is inapplicable if it's a targeted attack
#
[tantek] like yeah, if you expect to be targeted, for any reason (high profile, known trolls, public speaker etc.), then you really should delegate any security related code/services to things that are actually hardened
[chrisaldrich] and dougbeal|mb1 joined the channel
#
[snarfed] hardening++
#
Loqi hardening has 1 karma over the last year
#
aaronpk the other way to phrase this all is nothing is 100% secure, so know what you're protecting against and know how well you're covered
#
[snarfed] threat modeling!
#
[snarfed] threatmodeling++
#
Loqi threatmodeling has 1 karma over the last year
#
jacky ^
#
gRegorlove !mf2 https://boffosocko.com
#
Kaja https://php.microformats.io/?url=https%3A%2F%2Fboffosocko.com
#
Loqi Chris Aldrich
maxwelljoslyn, aaronstrick and beko joined the channel; Nuve left the channel
#
GWG gRegorlove: https://github.com/indieweb/indieauth/issues/31
#
Loqi [dshanske] #31 Returning Profile Data
[LewisCowles] joined the channel
#
[LewisCowles] fantastic points on security. One other I'd bring up is...
#
[LewisCowles] Unless you've implemented a feature and it's not proprietary; there is no way to "poke" and probe the security efficiently
#
[LewisCowles] there will always be corners you "think you understand". Of course copy pasting doesn't guarantee understanding
[schmarty], [tantek] and KartikPrabhu joined the channel
#
@shwayest lmao apparently some idiot decided to make a pingback clone standard https://webmention.io/ (twitter.com/_/status/1245570601571368960)
#
aaronpk Oh yes this will end well
#
aaronpk "Proxy Tweets (currently @shwayest) is an account that allows people to send tweets anonymously via IRC."
#
[tantek] yeah how is that account even around
#
KartikPrabhu more importantly "Don't expect quality, just shitposts and drivel."
palashcoder joined the channel
#
palashcoder can i ask css questions here?
[LewisCowles] joined the channel
#
palashcoder need help with clip path positioning. anyone?
#
[LewisCowles] it's a chan bot 😞
#
[LewisCowles] so much potential wasted on chan sites
lahacker joined the channel
#
palashcoder [LewisCowles]: someone told me here to ask
#
[LewisCowles] I was talking about the tweet above
#
[LewisCowles] I was on the fence about your question
#
[LewisCowles] Firefox has a tool if you inspect element on something using clipping paths, it allows you to interact with the page. Really needs two screens to work well
KartikPrabhu joined the channel
#
palashcoder [LewisCowles] ok, will try that
jenelizabeth, loicm, geoffo, KartikPrabhu and sscarfe joined the channel
#
@markusstaab @evertp which webmention tool/service/api do you use on your blog? (twitter.com/_/status/1245619605596299270)
#
@evertp ↩️ @markusstaab https://evertpot.com/bye-disqus-hello-webmention/ does this sum it up? (twitter.com/_/status/1245619991929487360)
#
@evertp ↩️ @markusstaab And this is the little bit of Js I wrote to make them actually appear: https://github.com/evert/evert.github.com/blob/master/assets/js/webmentions.js (twitter.com/_/status/1245620752805552136)
FeNiXDiscord[m] and ReneM[m] joined the channel
#
Gaffen Does anyone have any thoughts on running their own CI server? I've been considering it but am worried it may be asking too much of my weedy little server
#
[LewisCowles] I've run my own CI for years using Jenkins. It's a lot of hassle and I've grown weary of maintaining open source CI tooling
[g33kcentric] joined the channel
#
[g33kcentric] urrrrr jenkins 😄
#
[LewisCowles] I'm always left happy when interacting with proprietary tooling as it "just works". I'm aware that is a lazy point of view, and I wish there were easier ways to use OpenSource; but generally "more fiddling required"
#
crab jenkins is quite complex. once you have it and it works, you can do a lot with it, but it involves a lot of stuff you have to be familiar with
#
crab i've heard that gitlab's built-in ci/cd is nicer to work with, but i haven't used it myself.
captain-nemoDisc, vexlDiscord[m], EdmundMDiscord[m, nlkoDiscord[m], bmiller59Discord, foxcoolDiscord[m, f-r-e-dDiscord[m, kppDiscord[m], vbDiscord[m], KarlDiscord[m], mZDiscord[m], AlekseyDiscord[m, ShruthiDiscord[m, M}Discord[m], LSJI07Discord[m], aphelionzDiscord, Dr_JayWDiscord[m, farhad312Discord, tom85Discord[m], ianlopshireDisco, RockSteadyTRTL[m, ChubbyBoyDiscord, LokeLDiscord[m], r5723013Discord[, PermawebMatrixBr, wngrDiscord[m], malaclypsDiscord, Romaric[m]1, appDiscord[m], OboDiscord[m], HyunwooLeeDiscor, edrex, coryschwartzDisc, Tianyi[m]1, mikeal[m], IgutinDiscord[m], PhillmacDiscord[, CryptoEmpress[m], jklepatchDiscord, richarddavisDisc, WellinkDiscord[m, achingbrainDisco, thesage1014Disco, macerbiDiscord[m, iiogama[m], thomasbDiscord[m, poofDiscord[m], RDeckardDiscord[, tplookerDiscord[, sfromentDiscord[, KinnardDiscord[m, HenniDiscord[m], M0zAND1zDiscord[, freethinkingawa4, godparticleDisco, nyarlathotepDisc, TianyiDiscord[m4, maparent[m], mZ[m], xlcDiscord[m], nilocDiscord[m], aeddiDiscord[m], codynhatDiscord[, the_nikinDiscord, kevinbird15Disco, M4star3starDisco, msena3[m], JerbsDiscord[m], jenncloudDiscord, OlegStotskyDisco, mZDiscord[m]1, JustMaier[m], pranayDiscord[m], planetary_devDis, EdEdorEddyDiscor, rappelDiscord[m], ShadowJonathanDi, JustMaierDiscord, rklaehn[m], hazDiscord[m], PhiDiscord[m], SirMemesALotDisc, Rick[m], robinzzzDiscord[, rklaehnDiscord[m, NastyEbilPiwateD, jamietanna[m], wourslerDiscord[, prtfwDiscord[m], MatthDiscord[m], Sean|FortmaticDi, SuikaDiscord[m], NatoBoramDiscord, gnunicorn[m], touzaikokonDisco, icaruszDiscord[4, raisDiscord[m], foxcoolDiscord[4, gtsDiscord[m], richtercamdenDis, icaruszDiscord[m, MMMMaggieDiscord, johanherman[m]1, crestDiscord[m], talbDiscord[m], MikeShultzDiscor, arjanvaneerselDi, Lilz|BetaMe[m], mhzDiscord[m], JordanKrageDisco, DoggersUniteDisc, card[m], M123897974564Dis, manfred[m], carsonfarmerDisc, NatoBoram[m], M4eekDiscord[m], xylanDiscord[m], bitspillDiscord[, nocentDiscord[m], M3baidDiscord[m4, tttDiscord[m], matsugenDiscord[, hvergaraDiscord[, cam4507[m], chinsuDiscord[m], CryptoEmpressDis, betamosDiscord[m, KYZITEMELOS93Dis, RichardLittDisco, AceFaceDiscord[m, aswiththewildDis, MisterGoreDiscor, stuartDiscord[m], gunttedDiscord[m, emersen234Discor, NooooooWayyyyyDi, rittme[m], grvhiDiscord[m], ShmultzDiscord[m, chrisDiscord[m], sekiDiscord[m], WidgetBotiocli1[, sprayDiscord[m], SweatDiscord[m], M[AXEL]Darr[m], sethforkDiscord[, ddahlDiscord[m], johanhermanDisc4, XierumengDiscord, bushido711Discor, cannabysDiscord[, pierrebocDiscord, jgmac1106Discord, AXEL-Lee[m], gorhgorh[m], emakDiscord[m], freethinkingaway, kevinkDiscord[m], HexDiscord[m], adinbDiscord[m], nebulerDiscord[m, tom85[m], bekoDiscord[m], alphapapaactualD, CathyLDiscord[m], oed3[m], chmanieDiscord[m, HarryTmeticDisco, EatsDiscord[m], amatuniDiscord[m, JaoheahDiscord[m, Giyomu[m], MachiavelaDiscor, gozala[m], gumshedDiscord[m, koivunejDiscord[, combrayDiscord[m, sachaDiscord[m], balupton[m], a2b2x2Discord[m], enricomarino[m], M5310Discord[m], NetherwolfDiscor, daveatQCDiscord[, andrewxhillDisco, TyphooNDiscord[m, cwDiscord[m], megadogberthehim, fexra|TRTLDiscor, M8431[m], zegordoDiscord[m, pierreboc[m], circlesDiscord[m, sekiDiscord[m]1, DavidFalconDisco, CyOp0x00Discord[, l^discordDiscord, khalnayakDiscord, fozzie[m], Luna14Discord[m], buztedDiscord[m], Tianyi[m], boomshroomDiscor, KirushikDiscord[, mapachurroDiscor, hvergara[m], zoink92Discord[m, tobowersDiscord[, ZipperSKDiscord4, brewskiDiscord[m, JayWelsh0845[m], modigDiscord[m], olizillaDiscord[, yjhmelodyDiscord, RobotLordimperia, solanavDiscord[m, IPFSFanDiscord[m, rittmeDiscord[m], gnunicornDiscord, ZipperSKDiscord[, KubeDiscord[m], sbpDiscord[m], erlend_shDiscord, shivankDiscord[m, JoejoeDiscord[m], Elijah3321[m], sukarDiscord[m], RenegadeDiscord[, denzuko-at-workD, enricomarinoDisc, nek1113Discord[m, eshohetDiscord[m, TionisDiscord[m], panDiscord[m], TroyDiscord[m], ShokuninDiscord[, WesDiscord[m], FusonDiscord[m], felixschlDiscord, abhi_Discord[m], lyonDiscord[m], new0neDiscord[m], ReallySnazzyDisc, FranklinDiscord[, SnoochToTheNooch, AXEL-Brian[m], KinnardDiscord[4, Imnotsoimpressed, LordFenixNCDisco, EugeneDiscord[m], MissLavenderDisc, AltFreqDiscord[m, Senshi[m], kanejDiscord[m], vasa|DappkitDisc, fredcy_, SpicoliWhiteDisc, MichaelTenDiscor, pps96Discord[m], WarrenDiscord[m], mattsseDiscord[m, AmineDiscord[m], bonedaddyDiscord, romaric[m], SenshiDiscord[m], snoopdoggydogDis, gkimbwalaDiscord, SnowballDiscord[, TimeOnDiscord[m], hubaDiscord[m], mikealDiscord[m], DreamingInCodeDi, AblibuDiscord[m], terryHDiscord[m], ritewhose[m], llllllDiscord[m], DioBrandonDiscor, DigitalOilDiscor, carsonfarmer[m], jimpick[m], silent_Activist[, PerinDiscord[m], Exca1iburTheWise, EKLynxDiscord[m], ExpherienceDisco, matyas_mustohaDi, Ja3oodDiscord[m], psyonityDiscord[, drbh[m], Lilz|BetaMeDisco, wossDiscord[m], M9uapawDiscord[m, JorropoDiscord[m, vinDiscord[m], leoalvarezhDisco, realChainDiscord, FrenchBackBoneDi, nrtxrmndDiscord[, M3baidDiscord[m], JohnnyMilkshakes, TrevorDiscord[m], TeamIanDiscord[m, suleDiscord[m], test123Discord[m, haywirezDiscord[, jmank88Discord[m, cristobalDiscord, cristobalDiscor4, jessicaschilling, JungleHeartDisco, Googol30Discord[, ArunDiscord[m], nofwayyDiscord[m, CocoonCrashDisco, lauren|Microspon, jonbvDiscord[m], neohexDiscord[m], BossMANDiscord[m, wossDiscord[m]1, jceb[m], ScottSmileyDisco, eddy[m], funwhilelostDisc, pcowgillDiscord[, allgoDiscord[m], distributedjoseD, Akshay[m], Nebulous[m], n9tDiscord[m], hacdiasDiscord[m, bengoDiscord[m], ivanDiscord[m], phynite[m], gauthamDiscord[m, TH0RynDiscord[m], bmiller59[m], drshamoon[m], M011000100111010, thatguyDiscord[m, Sm03leBr00tDisco, RealSnazzy[m], kanej[m], cesarosumDiscord, KevlarmonkeyDisc, william_shakesDi, johanherman[m], koalalorenzoDisc, UserDiscord[m], CatManDoooDiscor, takev[m], mykiwi, doopDiscord[m], scandichainDisco, gmelodieDiscord[, yabirgbDiscord[m, atj[m], amimDiscord[m], chmanieDiscord[4, cwchristerwDisco, zcopleyDiscord[m, dunks411Discord[, doorknob88Discor, leoalvarezhDisc4, AraratDiscord[m], zwelsternDiscord, peatDiscord[m], RockSteadyTRTLDi, jimpickDiscord[m, AtiqDiscord[m], borismusDiscord[, jwheelerDiscord[, manfredDiscord[m, QwertyWhoreDisco, OxyDiscord[m], npfoss[m], aidxnDiscord[m], maparentDiscord[, gabrielbaron16Di, weedDiscord[m], plindner[m], RomaricDiscord[m, blzDiscord[m], TianyiDiscord[m], felixschlDiscor4, thomasDiscord[m], SmileRobotDiscor, dhenz3SpeakDisco, Expherience[m], bostaDiscord[m], reddDiscord[m], bltavaresDiscord, celso[m], M9672Discord[m], AnthonyADiscord[, SpaceOutlawDisco, macerbi[m], DiscordBridge[m4, pankajmendkiDisc, JD9Discord[m], KeegenDiscord[m], AnthonyCBuddDisc, MasonDiscord[m], RyonezCoruscare0, CarboClanCDiscor, ZapierDiscord[m], Keegen[m], RDeckardDiscord4, anthony-albertor, RomainDiscord[m], Mai-HsuanKevinCh, te0dDiscord[m], Oxy[m], corylDiscord[m], cardDiscord[m], jenncloud[m], Gorka[m], dy5es41Discord[m, peterkDiscord[m], AuHau[m], angrygnuDiscord[, lyon[m], johanhermanDisco, skillman623Disco, marcocastignoliD, DerekDiscord[m], simibacDiscord[m, dqxDiscord[m], janttoDiscord[m], ithithDiscord[m], aaronpkDiscord[m, tangoDiscord[m], aaronpk[m], pvienhageDiscord, ngamboaDiscord[m, discord[m], mattcDiscord[m], matschafferDisco, HooftlyDiscord[m, vasa[m], h2Discord[m], gregjeanmartDisc, Clment[m], babaitDiscord[m], nek11Discord[m], KisulkenDiscord[, gorhgorhDiscord[, NebulousDiscord[, AutoAIDiscord[m], TristanDiscord[m, andrewxhill[m], pbvieDiscord[m], sander[m], flower88Discord[, CharlieRaptoreum, DamirDiscord[m], fozzieDiscord[m], JeffMaherVegas[m, eddocsillDiscord, braditzDiscord[m, watDiscord[m], Lolicon[m], tadpole256Discor, HuurooDiscord[m], kbo8999Discord[m, HaybalesDiscord[, placer14Discord[, virtual_vagrantD, SteffDiscord[m], astraiaDiscord[m, chris[m], ShadowLingDiscor, sacha[m], SchwartzDiscord[, Valium8862[m], celsoDiscord[m], celsoDiscord[m]1, hyde__Discord[m], PamileissonDisco, nek1113Discord[4, obernardovieiraD, drshamoonDiscord, UsDiscord[m], SteelixDiscord[m, jazzy-jeff^_^Dis, itsmekntDiscord[, carstenmunkDisco, LuutheCoolDiscor, xtream1101Discor, gorhgorh[m]1, Ja3ood[m], GuillaumeDiscord, radio_aliceDisco, katakotoDiscord[, GiyomuDiscord[m], pr1meDiscord[m], MairkurDiscord[m, kerlanTDiscord[m, berDiscord[m], denzukoDiscord[m, raulDiscord[m], gregzuroDiscord[, KinnardDiscord[7, Dby0Discord[m], plexusDiscord[m], JonwelDiscord[m], ksDiscord[m], loodDiscord[m], confraria[m], Discord[m]1, OrkunDiscord[m], TryptophanDiscor, HeysteinDiscord[, RodolfoEDiscord[, DoppelgngerDisco, baluptonDiscord[, thestevewayDisco, new0ne[m], Hsiu-PingNichola, SomeguyDiscord[m, doodlemaniaDisco, M|NecoDiscord[m], armaniferranteDi, HielleMatrixBrid, CantiTurtleCoinD, neilDiscord[m], dostDiscord[m], Mairkur[m], cyluDiscord[m], ttocslliwDiscord, braditzDiscord[4, lamborghiniDisco, DaekiDiscord[m], kppDiscord[m]1, sfroment[m], paulmahoneDiscor, ianfixesDiscord[, prtfw[m], ambackDiscord[m], CantiTurtleCoin[, vasaDiscord[m], SpidermanDiscord, zgrDiscord[m], UsamaIrfanDiscor, swedneck[GMT1]Di, cesarosum[m], celso[m]1, beko[m], aeddi[m], placer14[m], sblinnDiscord[m], efnDiscord[m], Dazuck-3BoxDisco, MesaDiscord[m], eddyDiscord[m], drbhDiscord[m], catmanDiscord[m], dowlandaielloDis and ptonerDiscord[m] joined the channel
#
[LewisCowles] ConcourseCi is something I had to use at work for about a year.
#
[LewisCowles] Unfortunately it was such a waste of compute taking > 500USD to run CI/CD for a company with less than a million customers and not much technical excellence
#
[LewisCowles] I really enjoyed taking it apart and found it a little more refreshing once up, to use as it allowed me to use Docker containers.
#
[LewisCowles] thats per-month
#
[LewisCowles] ignoring paying me and others to interact with it
#
Gaffen I personally have just started using bitbucket pipelines, which works if you only want on-push execution
#
Gaffen I think git has something similar but haven't tried it
#
Gaffen But if you've got an SSR website that point is slightly moot, as you have to requild your content on a webhook
#
Gaffen *rebuild
#
Gaffen Quick explanation of my setup for context: Wordpress CMS -> Webhook -> Buddy.works -> eleventy.js static site
#
Gaffen But I've hit my free limit for buddy and it's making me consider my options
#
[g33kcentric] do you have the wordpress setup locally or still online?
#
[LewisCowles] I think that's just a task runner
#
[LewisCowles] You might have an easier time than a full CI/CD setup
#
Gaffen Everything's online on a £7/m VPS
#
Gaffen Yeah, I'm not running tests or anything, just building and deploying stuff right now
#
[g33kcentric] cool, i did wonder about a similar setup, but it seems a little redundant to have a cms online if its just going to get piped through to a static site anyway
#
[g33kcentric] but i guess you can just logon, rather than boot up a local server/docker whatever
#
Gaffen Yeah exactly
#
Gaffen It also leaves to option for cdn'ing your media as well
#
Gaffen (all images live on the wordpress install)
#
[LewisCowles] as it works using docker etc. How much glue is there stopping you running locally and pushing live from your own PC?
#
[LewisCowles] not WP, but the build of the site
#
[LewisCowles] you can then pull from your WP, build and push replacing site from your PC. It would change from async to batch queue
#
Gaffen Nothing tbh, apart from the webhook bit. My biggest worry is not haven't access to something when i need it
#
Gaffen (Right now, on post update a webhook is sent to buddy to automate redeploy)
#
[LewisCowles] I'd ask about GitHub actions, but if you're over their free limit, you might also get charged by GitHub
#
Gaffen Ah sure
#
Gaffen I've also started considering using the wordpress install for commenting functionality, though I'm not sure how silly an idea that is. Like if I'm bringing so much functionality from wordpress to a static site... Maybe I should just consider using wordpress lol
#
[LewisCowles] > Embrace newest toys faster
#
[LewisCowles] That really disappointed me. Marketing to privilege.
#
Gaffen Though the other part of me states at least this way I can very easily contain the sheer amount of wordpress cruft on my site
swentel joined the channel
#
[LewisCowles] I take it your WP is a headless CMS and the posts are being consumed via REST API?
#
Gaffen Yeah exactly
#
[LewisCowles] Risky idea, but could your webhook change?
#
Gaffen As in send the webhook to a different url?
#
Gaffen What sort of change are you thinking?
#
[LewisCowles] webhook to GitHub to publish the JSON & have it poll every n minutes / hours etc from your PC connecting to git, pulling, building, pushing
#
[g33kcentric] ↩️ exactly why javascript has such a shitty reputation
#
[LewisCowles] the idea came from another indieweb user
#
Gaffen So wordpress triggers github to output the REST responses?
#
Gaffen Wait no, I don't think I'm following lol
#
[LewisCowles] wordpress on publish, sends a webhook with the post JSON payload from API (may require wrangling)
#
[LewisCowles] post ID would be known already right?
#
Gaffen Oh yeah definitely
#
Gaffen Ahh, I think I get you; this way you'd get an incremental build?
#
[LewisCowles] so, using a filter that makes a wordpress REST API call and sends that to GitHub via Github REST API to store JSON (I'd advise in a separate repo, with some signing)
#
[LewisCowles] [barryf] was I think the person who's ruby project I was looking at
#
[LewisCowles] They use a micro-pub client direct to their endpoint, which pushes to GitHub
#
[LewisCowles] The difference with your setup is WordPress is your publishing client and endpoint server
#
Gaffen Yeah for sure
#
[LewisCowles] Surely the content being pushed is a large blob of html with limited properties.
#
Gaffen Yep, pretty much
#
[LewisCowles] Mildly upset by this
#
[LewisCowles] I really like the mf2 parser generated JSON because it's so ordered
#
[LewisCowles] HTML can be a bit like that drawer or box you put everything into
#
Gaffen Massively
#
Gaffen I only use wordpress because it's got asset management down pat, and the editor is a pleasant experience
#
Gaffen (And I also don't like storing content in version control alongside the site, doesn't feel right)
#
[LewisCowles] the good news is you can turn it off and add a hook to grab the content on post save and send somewhere offline, like git, or S3 (with revisions on) or any storage of your choosing.
#
[LewisCowles] Gaffen++ for falling into one of my loves
#
Loqi Gaffen has 1 karma over the last year
#
Gaffen Hahaha
#
Loqi awesome
#
[LewisCowles] I really prefer history is not stored in a RDBMS alongside live data
#
Gaffen Yeah, I'm not really against storage in git if it's a separate repo
#
Gaffen I need to investigate mf2, at the moment my site is terrible
#
Gaffen As in, no microformats, I'm only just implementing SEO/ogtags
#
Gaffen It does have RSS at least though lol
#
[LewisCowles] To each their own. I've only recently last year noticed Indieweb through a co-worker and run to mf2 as an alternative to schema and other structured formats as a thing to observe and experiment with
#
[LewisCowles] I'm finding a lot of ideas, which is wonderful. It may yet take me another decade or 2 to chew through them all
#
Gaffen Hahaha yeah
#
[LewisCowles] by which point there will be more ideas to chew through
#
Gaffen Oh, so you prefer everything together in one repo?
#
[LewisCowles] No, I would have a content repo too
#
[LewisCowles] data and logic should live separately
#
Gaffen Ok good :D
#
[LewisCowles] It's also a security benefit isolating content
#
[LewisCowles] Although it would require other measures too, like archiving each version of your site generated
[jeremycherfas] joined the channel
#
Gaffen Welp, I should be working. Will have to finish off adding SEO features later
[jgmac1106] joined the channel
#
@tosbourn Today I'm going to try to understand webmentions a lot better than I do. If you've played and have links or thoughts, I'm all ears. (twitter.com/_/status/1245642118346862599)
#
[jgmac1106] snarfed at jacky, the COVID-19 Fund from the Mozilla Fund has a specific track for security audits, up to 50K
#
[jgmac1106] p
#
[jgmac1106] https://www.mozilla.org/en-US/moss/secure-open-source/
jenelizabeth joined the channel
#
Zegnat Wonder how far 50K takes you for a full audit. Guess it depends on project size. TrueCrypt Audit I think raised almost 50K and I do not remember if any money was left over after the two part audit.
#
[jgmac1106] zegant you can apply to that strand for MOSS grants in general, which maybe higher than 50k, this is is just a rapid response award
hs0ucy, [xavierroy], superjen96, petermolnar, sscarfe and KartikPrabhu joined the channel
#
[jgmac1106] all I wanted to do was display my orcid in my h-card...look how much metadata gets wrapped around an img and link and inline styling: <div itemscope itemtype="https://schema.org/Person"><a itemprop="sameAs" content="https://orcid.org/0000-0003-1035-389X" href="https://orcid.org/0000-0003-1035-389X" target="orcid.widget" rel="me noopener noreferrer" style="vertical-align:top;"><img
#
[jgmac1106] src="https://orcid.org/sites/default/files/images/orcid_16x16.png" style="width:1em;margin-right:.5em;" alt="ORCID iD icon">https://orcid.org/0000-0003-1035-389X</a></div>
#
[jgmac1106] tried to recreate the logo in my color scheme, but couldn't match font and don't want to edit a 16px img
#
[jgmac1106] then had real things to do...like muck about on Twitter
#
Zegnat It looks save to remove basically all of those HTML attributes, unless you are planning to support Schema Microdata on your site, [jgmac1106]
#
[jgmac1106] I did remove it all
#
[jgmac1106] I just link with rel=me
KartikPrabhu and jenelizabeth joined the channel
#
[LewisCowles] besides some minor frustrations, I quite like known on heroku
sscarfe and loicm joined the channel
#
GWG Finding new weather APIs is not easy
gxt, [kimberlyhirsh] and [g33kcentric] joined the channel
#
[g33kcentric] So i think my goal for tonight, is to build a system that sends newsletters i subscribe to, too my site where they will be saved as h-entries, possibly with custom styling for each one (obvs outside of MVP)
[KevinMarks] joined the channel
#
[KevinMarks] grr - google deprecated the location API if you aren't on https, so my map subdomain doesn't work
#
[KevinMarks] I found the UK met office weather API, but it only works in the UK
#
[KevinMarks] http://where.kevin-marks.com/maptime/weather.html
#
[KevinMarks] click on a green marker to get the forecast there
#
GWG [KevinMarks]: My code serves British people, so I would add that. I added the US NWS for that reason. If you mostly stay in one country.
#
GWG [KevinMarks]: I signed up for a MET Office API key to test, but I haven't seen if I can do lookup by coordinates
#
[KevinMarks] getting the API key was a pain. Also the API is a bit bureaucratic - you need to pass it one of it's location IDs so you'll need to do a find closest on the sitelist (I hard-coded mine when I found the location api was broken)
hs0ucy, [tantek] and KartikPrabhu joined the channel
#
[KevinMarks] feel free to pinch any code from that page for it - it's all clientside
#
GWG [KevinMarks]: That's what I do for the NWS. They let you search for nearby location IDs by coordinates.
#
[KevinMarks] here there's just one list of 5000 http://datapoint.metoffice.gov.uk/public/data/val/wxfcs/all/json/sitelist?key=7c51034d-2e4b-407f-a264-9a204ca22e8b
#
GWG Yes, I can work with that
#
GWG And then ask [Rose] to test it. She uses the code.
sscarfe, loicm, lahacker, [jeremycherfas], geoffo, geoffo_, [xavierroy], [LewisCowles], gRegorLove and [_iamdave] joined the channel
#
[_iamdave] [chrisaldrich] 👀 welcome back to tiddlywiki
#
[_iamdave] Getting some chores done presently but I’m going to be experimenting with rendering riddlers to static pages, and playing about with view templates some more
#
[_iamdave] s/riddlers/tiddlers
gRegorLove_, sscarfe, swentel, crumbler and [manton] joined the channel
#
[manton] Hi everyone! Anything new going on with Instagram → Micropub solutions? We've had an Instagram import (from .zip) in the Micro.blog macOS app, but wondering if I need to spend some time on something for non-Mac folks now. I assume little chance of Own Your Gram coming back?
[chrisaldrich] joined the channel
#
[chrisaldrich] thanks [_iamdave] I've been tinkering with TiddlyWiki locally for a while, but it's nice to have one on my own domain. I'll be digging into h-cards and templates for other pieces shortly.
#
aaronpk ownyourgram is spotty at best, and it's getting harder and harder to maintain it
#
[manton] I wonder if a browser extension would be a good solution. Visit instagram.com while signed in and click a "move everything I see on this page to my blog" kind of a workflow.
#
aaronpk that could work!
#
[manton] Since I assume auth and API access is one of the major problems right now.
#
aaronpk API access is shut down completely
#
aaronpk so it's a matter of scraping. they do have a lot of JSON on the page, but they're aggressive about whether or not they return a web page if they think you're a bot
jamietanna and [snarfed] joined the channel
#
[snarfed] aaronpk i assume you still want to avoid scraping with a logged in cookie? i can commiserate, but i gave in and started doing that in bridgy a while back, and it's been solid and reliable ever since
#
[snarfed] (test account, obvs, but still)
#
aaronpk hmm, i tried that at one point but was still getting blocked
#
aaronpk i could try again
#
aaronpk i also haven't had a lot of time to spend on it so i turned off new signups to prevent new people from complaining that it wasn't working
#
jamietanna Adding to the conversation earlier about CI/CD - I use GitLab CI for my stuff and it's great, but I also use a fair bit of Jenkins for work and wanna fight its corner that it's all about how you set it up, it can be good to work with
#
[manton] [snarfed] [aaronpk] Thanks… I might tinker with a browser extension if I have time. (But then there's the question of which browsers to support. Sigh.)
#
aaronpk i've heard of people having luck with a cross-browser extension library thing
#
Zegnat Cross-browser extensions are getting better. Definitely possible for something like a scraper too, where you are not interested in browser-specific preferences stuff
#
Zegnat It is just a matter of running (lots of) polyfills, because the W3 extension spec is woefully ignored
#
Zegnat would be happy to assist on browser extension stuff
[Michael_Beckwi] joined the channel
#
[Michael_Beckwi] are cross browser extensions really getting better or is it because they’re all basically running the same underlying engine, except Firefox?
#
Zegnat It has always been cross browser between just Firefox and Chrome, basically. Especially what with Safari killing their extensions and the IE extension space never really getting off the ground.
#
[manton] Just a quick search for cross-browser extension frameworks makes me think starting with Firefox-only makes the most sense, then maybe adapting it for others. Happy to hear if there's a good framework, though!
#
ReneM[m] Would a IFTTT solution, which has API access to IG, the best solution for now and initiate a web request when a new photo is added to a IG profile?
#
Zegnat I have been playing with https://github.com/mozilla/webextension-polyfill which is pretty much drop-in-and-forget. But I have also done just manually fixing it up a bit.
#
Zegnat Really if you are coming from Chrome dev it is mostly wrapping your head around the Firefox promises: https://github.com/mozilla/webextension-polyfill#using-the-promise-based-apis
#
Loqi [mozilla] webextension-polyfill: A lightweight polyfill library for Promise-based WebExtension APIs in Chrome
#
Loqi [mozilla] webextension-polyfill: A lightweight polyfill library for Promise-based WebExtension APIs in Chrome
#
Zegnat ReneM[m]: can IFTTT send the photo and caption along in the web request? Because I think one of the problems may just be accessing the photo on IG at all.
#
aaronpk the jpg link works fine, but it is temporary now. it's there long enough for IFTTT to work though
#
aaronpk i wonder how IFTTT got through instagram API review
#
Zegnat “too big to fall”?
#
ReneM[m] I did this 2 years ago on IFTTT with a Netlify function. But since I stopped using Instagram I don’t use it anymore.
#
ReneM[m] You get the URL of the image, the caption and some other infos that you can send to a WebHook
#
aaronpk you should be able to format that web hook as a micropub request
#
Loqi yea!
#
[manton] [Zegnat] That's cool, thanks. The problem for me is Safari, since that's my default browser. (Although I've written Safari extensions before and could handle that separately.)
#
Zegnat Oof. I have forsaken extension development in Safari ever since Apple started actively limiting the type of dev work you could do
#
Zegnat What is Safari Extensions?
#
Loqi Safari Extensions are self contained packages of HTML and JavaScript that modify the Safari browser https://indieweb.org/Safari_Extensions
#
Zegnat Hmm. That definition is probably not even true anymore
#
Zegnat It is all AppKit and stuff now. I’ve collected some links on that wiki page, [manton]. You as a macOS dev might have better luck with that than me as a webdev. I doubt there are any cross-browser frameworks that still include Safari left
#
ReneM[m] uploaded an image: ima_6598851.jpeg (50KB) < https://matrix.org/_matrix/media/r0/download/tchncs.de/nlslTejTnsINUjVUShDdyusx >
#
ReneM[m] Lets see if Riot.im can send photos through the bridge.
#
ReneM[m] That’s what IFTTT gets from the IG API and can send tons WebHook. I did it as a POST request to a Netlify function and it worked
#
Zegnat Yes, images get through the bridge :) Looks interesting!
nderitu joined the channel
#
ReneM[m] Since IFTTT has tons of ready-to-be-used Apllets for Instagram to e.g Twitter, Facebook pages that are used my hundred thousands (according to their stats) I doubt that this is a temporary solution😉
#
aaronpk i just wish it wasn't so awkward to make HTTP requests in IFTTT
andysylvester, gRegorLove__, loicm and [jacky] joined the channel
#
[jacky] Browser extensions (ideally) are cross platform if you follow the spec for cross-plat support
#
[jacky] ooof 30 hours later <spongebob narrator voice>
lahacker, superjen96, jenelizabeth, alina and blueyed joined the channel