#jackyI'm actually planning to have someone audit Koype when I start getting some initial customers for the hosted solution
#jackybut eh, if I can use a open solution over a bigco one, I'll try - easier to see if they're vacuuming data or opening it up for others to do it "for product excellence"
#[tantek]I've definitely poked people to review bunches of the IndieAuth / RelMeAuth code over time, and I know at least some of the old RelMeAuth libraries (PHP) got review back in the day (like early 2010s)
#[tantek]The other point you made is the fact that your custom one-off code for your site is unlikely to attract the attention of someone looking for an exploit
#[tantek]there's a certain "code diversity" argument to be made as a mitigation against broad-spectrum based attacks
#[tantek]similar to genetic diversity and mitigating vulns to infectious diseases
#[tantek]of course that doesn't mean your site is "technically" secure, only secure from a time investment / obscurity perspective (which is still *a* measure of security even if not really a great one)
#[tantek]and of course is inapplicable if it's a targeted attack
#[tantek]like yeah, if you expect to be targeted, for any reason (high profile, known trolls, public speaker etc.), then you really should delegate any security related code/services to things that are actually hardened
[chrisaldrich] and dougbeal|mb1 joined the channel
#[LewisCowles]Firefox has a tool if you inspect element on something using clipping paths, it allows you to interact with the page. Really needs two screens to work well
#GaffenDoes anyone have any thoughts on running their own CI server? I've been considering it but am worried it may be asking too much of my weedy little server
#[LewisCowles]I've run my own CI for years using Jenkins. It's a lot of hassle and I've grown weary of maintaining open source CI tooling
#[LewisCowles]I'm always left happy when interacting with proprietary tooling as it "just works". I'm aware that is a lazy point of view, and I wish there were easier ways to use OpenSource; but generally "more fiddling required"
#crabjenkins is quite complex. once you have it and it works, you can do a lot with it, but it involves a lot of stuff you have to be familiar with
#crabi've heard that gitlab's built-in ci/cd is nicer to work with, but i haven't used it myself.
#[LewisCowles]ConcourseCi is something I had to use at work for about a year.
#[LewisCowles]Unfortunately it was such a waste of compute taking > 500USD to run CI/CD for a company with less than a million customers and not much technical excellence
#[LewisCowles]I really enjoyed taking it apart and found it a little more refreshing once up, to use as it allowed me to use Docker containers.
#GaffenYeah, I'm not running tests or anything, just building and deploying stuff right now
#[g33kcentric]cool, i did wonder about a similar setup, but it seems a little redundant to have a cms online if its just going to get piped through to a static site anyway
#[g33kcentric]but i guess you can just logon, rather than boot up a local server/docker whatever
#GaffenI've also started considering using the wordpress install for commenting functionality, though I'm not sure how silly an idea that is. Like if I'm bringing so much functionality from wordpress to a static site... Maybe I should just consider using wordpress lol
#[LewisCowles]webhook to GitHub to publish the JSON & have it poll every n minutes / hours etc from your PC connecting to git, pulling, building, pushing
#[g33kcentric]↩️ exactly why javascript has such a shitty reputation
#GaffenAhh, I think I get you; this way you'd get an incremental build?
#[LewisCowles]so, using a filter that makes a wordpress REST API call and sends that to GitHub via Github REST API to store JSON (I'd advise in a separate repo, with some signing)
#[LewisCowles][barryf] was I think the person who's ruby project I was looking at
#[LewisCowles]They use a micro-pub client direct to their endpoint, which pushes to GitHub
#[LewisCowles]The difference with your setup is WordPress is your publishing client and endpoint server
#GaffenI only use wordpress because it's got asset management down pat, and the editor is a pleasant experience
#Gaffen(And I also don't like storing content in version control alongside the site, doesn't feel right)
#[LewisCowles]the good news is you can turn it off and add a hook to grab the content on post save and send somewhere offline, like git, or S3 (with revisions on) or any storage of your choosing.
#[LewisCowles]To each their own. I've only recently last year noticed Indieweb through a co-worker and run to mf2 as an alternative to schema and other structured formats as a thing to observe and experiment with
#[LewisCowles]I'm finding a lot of ideas, which is wonderful. It may yet take me another decade or 2 to chew through them all
#ZegnatWonder how far 50K takes you for a full audit. Guess it depends on project size. TrueCrypt Audit I think raised almost 50K and I do not remember if any money was left over after the two part audit.
#[jgmac1106]zegant you can apply to that strand for MOSS grants in general, which maybe higher than 50k, this is is just a rapid response award
hs0ucy, [xavierroy], superjen96, petermolnar, sscarfe and KartikPrabhu joined the channel
#[jgmac1106]all I wanted to do was display my orcid in my h-card...look how much metadata gets wrapped around an img and link and inline styling: <div itemscope itemtype="https://schema.org/Person"><a itemprop="sameAs" content="https://orcid.org/0000-0003-1035-389X" href="https://orcid.org/0000-0003-1035-389X" target="orcid.widget" rel="me noopener noreferrer" style="vertical-align:top;"><img
gxt, [kimberlyhirsh] and [g33kcentric] joined the channel
#[g33kcentric]So i think my goal for tonight, is to build a system that sends newsletters i subscribe to, too my site where they will be saved as h-entries, possibly with custom styling for each one (obvs outside of MVP)
[KevinMarks] joined the channel
#[KevinMarks]grr - google deprecated the location API if you aren't on https, so my map subdomain doesn't work
#[KevinMarks]I found the UK met office weather API, but it only works in the UK
#[KevinMarks]click on a green marker to get the forecast there
#GWG[KevinMarks]: My code serves British people, so I would add that. I added the US NWS for that reason. If you mostly stay in one country.
#GWG[KevinMarks]: I signed up for a MET Office API key to test, but I haven't seen if I can do lookup by coordinates
#[KevinMarks]getting the API key was a pain. Also the API is a bit bureaucratic - you need to pass it one of it's location IDs so you'll need to do a find closest on the sitelist (I hard-coded mine when I found the location api was broken)
hs0ucy, [tantek] and KartikPrabhu joined the channel
#[KevinMarks]feel free to pinch any code from that page for it - it's all clientside
#GWG[KevinMarks]: That's what I do for the NWS. They let you search for nearby location IDs by coordinates.
#GWGAnd then ask [Rose] to test it. She uses the code.
sscarfe, loicm, lahacker, [jeremycherfas], geoffo, geoffo_, [xavierroy], [LewisCowles], gRegorLove and [_iamdave] joined the channel
#[_iamdave][chrisaldrich] 👀 welcome back to tiddlywiki
#[_iamdave]Getting some chores done presently but I’m going to be experimenting with rendering riddlers to static pages, and playing about with view templates some more
gRegorLove_, sscarfe, swentel, crumbler and [manton] joined the channel
#[manton]Hi everyone! Anything new going on with Instagram → Micropub solutions? We've had an Instagram import (from .zip) in the Micro.blog macOS app, but wondering if I need to spend some time on something for non-Mac folks now. I assume little chance of Own Your Gram coming back?
[chrisaldrich] joined the channel
#[chrisaldrich]thanks [_iamdave] I've been tinkering with TiddlyWiki locally for a while, but it's nice to have one on my own domain. I'll be digging into h-cards and templates for other pieces shortly.
#aaronpkownyourgram is spotty at best, and it's getting harder and harder to maintain it
#[manton]I wonder if a browser extension would be a good solution. Visit instagram.com while signed in and click a "move everything I see on this page to my blog" kind of a workflow.
#aaronpkso it's a matter of scraping. they do have a lot of JSON on the page, but they're aggressive about whether or not they return a web page if they think you're a bot
jamietanna and [snarfed] joined the channel
#[snarfed]aaronpk i assume you still want to avoid scraping with a logged in cookie? i can commiserate, but i gave in and started doing that in bridgy a while back, and it's been solid and reliable ever since
#aaronpki also haven't had a lot of time to spend on it so i turned off new signups to prevent new people from complaining that it wasn't working
#jamietannaAdding to the conversation earlier about CI/CD - I use GitLab CI for my stuff and it's great, but I also use a fair bit of Jenkins for work and wanna fight its corner that it's all about how you set it up, it can be good to work with
#[manton][snarfed] [aaronpk] Thanks… I might tinker with a browser extension if I have time. (But then there's the question of which browsers to support. Sigh.)
#aaronpki've heard of people having luck with a cross-browser extension library thing
#ZegnatCross-browser extensions are getting better. Definitely possible for something like a scraper too, where you are not interested in browser-specific preferences stuff
#ZegnatIt is just a matter of running (lots of) polyfills, because the W3 extension spec is woefully ignored
#Zegnatwould be happy to assist on browser extension stuff
[Michael_Beckwi] joined the channel
#[Michael_Beckwi]are cross browser extensions really getting better or is it because they’re all basically running the same underlying engine, except Firefox?
#ZegnatIt has always been cross browser between just Firefox and Chrome, basically. Especially what with Safari killing their extensions and the IE extension space never really getting off the ground.
#[manton]Just a quick search for cross-browser extension frameworks makes me think starting with Firefox-only makes the most sense, then maybe adapting it for others. Happy to hear if there's a good framework, though!
#ReneM[m]Would a IFTTT solution, which has API access to IG, the best solution for now and initiate a web request when a new photo is added to a IG profile?
#Loqi[mozilla] webextension-polyfill: A lightweight polyfill library for Promise-based WebExtension APIs in Chrome
#Loqi[mozilla] webextension-polyfill: A lightweight polyfill library for Promise-based WebExtension APIs in Chrome
#ZegnatReneM[m]: can IFTTT send the photo and caption along in the web request? Because I think one of the problems may just be accessing the photo on IG at all.
#aaronpkthe jpg link works fine, but it is temporary now. it's there long enough for IFTTT to work though
#aaronpki wonder how IFTTT got through instagram API review
#[manton][Zegnat] That's cool, thanks. The problem for me is Safari, since that's my default browser. (Although I've written Safari extensions before and could handle that separately.)
#ZegnatOof. I have forsaken extension development in Safari ever since Apple started actively limiting the type of dev work you could do
#ZegnatHmm. That definition is probably not even true anymore
#ZegnatIt is all AppKit and stuff now. I’ve collected some links on that wiki page, [manton]. You as a macOS dev might have better luck with that than me as a webdev. I doubt there are any cross-browser frameworks that still include Safari left
#ReneM[m]Lets see if Riot.im can send photos through the bridge.
#ReneM[m]That’s what IFTTT gets from the IG API and can send tons WebHook. I did it as a POST request to a Netlify function and it worked
#ZegnatYes, images get through the bridge :) Looks interesting!
nderitu joined the channel
#ReneM[m]Since IFTTT has tons of ready-to-be-used Apllets for Instagram to e.g Twitter, Facebook pages that are used my hundred thousands (according to their stats) I doubt that this is a temporary solution😉
#aaronpki just wish it wasn't so awkward to make HTTP requests in IFTTT
andysylvester, gRegorLove__, loicm and [jacky] joined the channel
#[jacky]Browser extensions (ideally) are cross platform if you follow the spec for cross-plat support
#[jacky]ooof 30 hours later <spongebob narrator voice>
lahacker, superjen96, jenelizabeth, alina and blueyed joined the channel