#dev 2020-04-22

2020-04-22 UTC
[schmarty], KartikPrabhu, Bill_Bennett_NZ, [jgarber], crab and [tantek] joined the channel
#
[tantek]
heads-up folks that use / embed Stripe JS, you may be enabling Stripe to track *your* users / readers: https://mtlynch.io/stripe-recording-its-customers/
#
[tantek]
(even if your visitors do not do any transactions!)
geoffo joined the channel
#
aaronpk
i saw that :(
#
aaronpk
for "fraud prevention"
#
[tantek]
that's not an unreasonable excuse. still feels creepy. WDYT of the mitigations proposed by the article author?
#
aaronpk
about as good as you can do! i appreciate he included that
#
[tantek]
Stripe << Surveillance criticism and mitigation: 2020-04-20 [https://mtlynch.io/stripe-recording-its-customers/ Stripe is Silently Recording Your Movements On its Customers' Websites]
#
Loqi
ok, I added "Surveillance criticism and mitigation: 2020-04-20 [https://mtlynch.io/stripe-recording-its-customers/ Stripe is Silently Recording Your Movements On its Customers' Websites]" to the "See Also" section of /Stripe https://indieweb.org/wiki/index.php?diff=69580&oldid=58910
[jgmac1106], kino, vika_nezrimaya, [chrisaldrich], GWG and swentel joined the channel; tno left the channel
#
swentel
thanks for the merge aaronpk !
#
swentel
aaronpk, interesting side effect, youtube channel feeds now will now have the iframe content (if you enable the flag of course)
#
swentel
I was looking to enrich from description
#
swentel
but PicoFeed already extracts the youtube url and generates an iframe tag in content
#
swentel
until now this was stripped of course
#
swentel
with the flag, you have the video :)
#
swentel
It looks though I'll have to enrich from Picofeed
#
swentel
but I'm already glad the video is in there, so no rush atm :)
#
swentel
it was easy
#
Loqi
[swentel] #5 Add description to content
#
swentel
could be better title haha
nickodd joined the channel
#
dansup
I wonder what indieweb stuff would work with Pixelfed
#
dansup
We support atom, micropub is on the horizon
#
dansup
The challenging thing with indieweb is not the technical aspect, its the UI/UX. A stripe.js for indieweb would be nice
strugee joined the channel
#
swentel
dansup, there are some experiments with fed.brid.gy already
#
swentel
but it's currently blocked on the author somewhere (but I lost the issue I created)
#
swentel
if that would work, there would be a lot of incoming indieweb people I think :)
#
swentel
(although I would agree micropub would be awesome of course)
#
dansup
a permissive API and schema is my goal, pixelfed is not like IG, we embrace data sharing
#
swentel
what's IG?
#
dansup
instagram
#
swentel
aaah :)
#
swentel
ah, so this was the issue I was talking about, https://github.com/pixelfed/pixelfed/issues/761 - been a while since I tested though, so not sure at all what the status is
#
Loqi
[swentel] #761 attributedTo can be an array instead of a string as well
#
KartikPrabhu
aaronpk: I am at a on a Slack channel for an online conference, where people want to continue the free Slack channel but still have a logged history of the conversation. Any tips on how to set this up would be great!
#
dansup
swentel: oof, will fix
#
swentel
dansup, feel free to ping me in case you have a fix, will definitely test out :)
#
dansup
what software are you using?
#
swentel
to send to PF? using brid.gy atm
#
swentel
works great with mastodon
#
dansup
because it was made for masto
#
dansup
im working out the bugs with ryan
#
swentel
feel free report progress on hhttps://github.com/snarfed/bridgy-fed/issues/39 too, that's the issue we use track PF integration
#
swentel
been a while since I tested it locally
#
swentel
Looks like I was able to sync a profile locally :)
loicm, petermolnar, KartikPrabhu, [LewisCowles], [jgmac1106], gRegorLove_, gxt, [tw2113], [jgarber], geoffo, swentel, nickodd, [tantek], JC1 and aaronpk_ joined the channel
#
aaronpk
holy crap, twitter approved my developer account application
#
aaronpk
for my Switch twitter account
#
jacky
congrats! lmfaoo
#
jacky
need that application template :)
#
aaronpk
i think i just said something along the lines of I am trying to download my own tweets and won't be downloading content from any other accounts
#
aaronpk
i'm kind of impressed tho, because it was a brand new account with only a couple tweets in it
aaronpk_ joined the channel
#
jacky
lol the reviewer probably empathized then
aaronpk_, KartikPrabhu, IWSlackGateway, [LewisCowles] and geoffo joined the channel
#
jamietanna[m]
Is snarfed around to give a hand with trying to publish https://www.jvt.me/mf2/2020/04/qj3zt/ - it's failing in https://brid.gy/log?start_time=1587563839&key=agdicmlkLWd5ckwLEg1QdWJsaXNoZWRQYWdlIiVodHRwczovL3d3dy5qdnQubWUvbWYyLzIwMjAvMDQvcWozenQvDAsSB1B1Ymxpc2gYgIDgza7CmwoM because it's picking up the HTML content not the Bridgy twitter content, maybe because there's a child with its own `e-content`?
#
Loqi
[Jamie Tanna] I'm very much looking forward to this talk, it was awesome when I saw it at #oggcamp last year, and #WiTNotts is very fortunate to have Rachel Morgan-Trimmer speak!
[Ana_Rodrigues], aaronpk_, gRegorLove_, dougbeal|iOS, loicm and [snarfed] joined the channel
#
[snarfed]
oh wow interesting find jamietanna! that's a rare one. error is at the end of that log, and in the HTTP 400 response body: "Error: obj['content'] has unescaped < or > characters!"
#
[snarfed]
added ~6 mos ago to close this security hole: https://github.com/snarfed/bridgy/issues/880
#
Loqi
[freekmurze] #880 JavaScript injection vulnerability
#
[snarfed]
your page may not be doing anything wrong. i do see an errant \u2026 in the parsed mf2 though, in items[0].quotation-of.value, which might be suspicious. not sure if that's your fault or mf2py's or neither though
#
jamietanna[m]
That is almost certainly from fontawesome, I think
#
jamietanna[m]
Interesting - so it looks like it's picking up the HTML of the content, when there's a `value` there instead
#
[snarfed]
i think that's ok and expected? `value` mf2 doesn't mean ignore HTML
#
jamietanna[m]
I can't escape it in the source as it's actual html to render,
#
Loqi
[Tantek Çelik] microformats2 parsing specification
#
[snarfed]
actually that \u2026 is probably a red herring. it's valid unicode and ok to be in `value` afaik, unicode is fine, and that's how it's escaped in JSON
[calumryan] joined the channel
#
[snarfed]
probably a bridgy/granary bug, need to escape attachments' content as well as the primary object
#
[snarfed]
i'll look!
aaronpk_ joined the channel; nickodd left the channel
aaronpk_ joined the channel
#
jacky
my mf2 parser strips port numbers from URLs which is a bit annoying because I spin up a web server for serving tests (so it actually uses the HTTP driver)
#
jacky
cracks knuckles and begins patching
[tw2113] joined the channel
#
sknebel
"your" parser as in one you wrote or one of the others that has a bug?
#
jacky
good phrasing lol
#
jacky
it's one I'm using, I didn't write it
#
jacky
but still gonna patch and open a bug
#
jacky
technically affects like 4 of my projects
#
sknebel
people occasionally silently start to write parsers, thats why I was curious
#
jacky
ha I'm not there (yet)
#
jacky
I def am curious about implementing one in Rust
#
jacky
and then binding it out to other languages
[jgarber] joined the channel
#
[jgarber]
people == jgarber 😂
#
Zegnat
people == zegnat - who has been tinkering on a parser in Typescript for weeks now. Though very sporadically :P
#
Zegnat
jacky: binding to PHP so we can go faster? :D
#
Zegnat
Didn’t someone do an mf2 parser as PHP extension?
#
Zegnat
So actually an mf2 parser in C, that is then hooked into PHP
#
Zegnat
cjwillcock++ for apparently also starting on HTML parsing for PHP <3 https://code.cjwillcock.ca/php-extensions/html
#
Loqi
cjwillcock has 1 karma over the last year
#
jacky
oh that'd be dope
#
Zegnat
I wish for good HTML parsers in all languages. So we can move away from using libxml for everything it isn’t supposed to parse…
loicm, KartikPrabhu, leg and jamietanna joined the channel
#
jamietanna
swentel: what format does Indigenous expect for the q=contact response? Is it a list of h-cards, or as per https://indieweb.org/Micropub-extensions#Query_for_contacts ?
aaronpk_, KartikPrabhu, Anastasia, Kaja_, garrettw, treora, gRegorLove_ and jeremycherfas joined the channel
#
jacky
I think that's the correct response
#
jacky
lemme check (b/c I think I added that code block)
#
jacky
yeah it's a single key dictionary/map named "contacts" with a list of h-cards
#
jacky
jamietanna: ^
#
jacky
uses this with Indigenous
Bill_Bennett_NZ joined the channel
#
jamietanna[m]
Ty jacky! That's something for next few days, and a custom frontend to add my own details like twitter url
FridaAasen and [tw2113] joined the channel