#dev 2020-04-22

2020-04-22 UTC
[schmarty], KartikPrabhu, Bill_Bennett_NZ, [jgarber], crab and [tantek] joined the channel
# 00:55 
[tantek] heads-up folks that use / embed Stripe JS, you may be enabling Stripe to track *your* users / readers: https://mtlynch.io/stripe-recording-its-customers/
# 00:55 
[tantek] (even if your visitors do not do any transactions!)
geoffo joined the channel
# 00:57 
aaronpk i saw that :(
# 00:57 
aaronpk for "fraud prevention"
# 01:05 
[tantek] that's not an unreasonable excuse. still feels creepy. WDYT of the mitigations proposed by the article author?
# 01:05 
aaronpk about as good as you can do! i appreciate he included that
# 01:08 
[tantek] Stripe << Surveillance criticism and mitigation: 2020-04-20 [https://mtlynch.io/stripe-recording-its-customers/ Stripe is Silently Recording Your Movements On its Customers' Websites]
# 01:08 
Loqi ok, I added "Surveillance criticism and mitigation: 2020-04-20 [https://mtlynch.io/stripe-recording-its-customers/ Stripe is Silently Recording Your Movements On its Customers' Websites]" to the "See Also" section of /Stripe https://indieweb.org/wiki/index.php?diff=69580&oldid=58910 
[jgmac1106], kino, vika_nezrimaya, [chrisaldrich], GWG and swentel joined the channel; tno left the channel
# 04:43 
swentel thanks for the merge aaronpk !
# 05:30 
swentel aaronpk, interesting side effect, youtube channel feeds now will now have the iframe content (if you enable the flag of course)
# 05:30 
swentel I was looking to enrich from description
# 05:31 
swentel but PicoFeed already extracts the youtube url and generates an iframe tag in content
# 05:31 
swentel until now this was stripped of course
# 05:31 
swentel with the flag, you have the video :)
# 05:31 
swentel It looks though I'll have to enrich from Picofeed
# 05:31 
swentel but I'm already glad the video is in there, so no rush atm :)
# 05:54 
swentel and here we go https://github.com/aaronpk/picofeed/pull/5 ;)
# 05:54 
swentel it was easy
# 05:54 
Loqi [swentel] #5 Add description to content
# 05:54 
swentel could be better title haha
nickodd joined the channel
# 06:24 
dansup I wonder what indieweb stuff would work with Pixelfed
# 06:25 
dansup We support atom, micropub is on the horizon
# 06:26 
dansup The challenging thing with indieweb is not the technical aspect, its the UI/UX. A stripe.js for indieweb would be nice
strugee joined the channel
# 06:30 
swentel dansup, there are some experiments with fed.brid.gy already
# 06:30 
swentel but it's currently blocked on the author somewhere (but I lost the issue I created)
# 06:30 
swentel if that would work, there would be a lot of incoming indieweb people I think :)
# 06:31 
swentel (although I would agree micropub would be awesome of course)
# 06:32 
dansup a permissive API and schema is my goal, pixelfed is not like IG, we embrace data sharing
# 06:32 
swentel what's IG?
# 06:33 
dansup instagram
# 06:34 
swentel aaah :)
# 06:34 
swentel ah, so this was the issue I was talking about, https://github.com/pixelfed/pixelfed/issues/761 - been a while since I tested though, so not sure at all what the status is
# 06:34 
Loqi [swentel] #761 attributedTo can be an array instead of a string as well
# 06:37 
KartikPrabhu aaronpk: I am at a on a Slack channel for an online conference, where people want to continue the free Slack channel but still have a logged history of the conversation. Any tips on how to set this up would be great!
# 06:43 
dansup swentel: oof, will fix
# 06:44 
swentel dansup, feel free to ping me in case you have a fix, will definitely test out :)
# 06:45 
dansup what software are you using?
# 06:49 
swentel to send to PF? using brid.gy atm
# 06:49 
swentel works great with mastodon
# 06:54 
dansup because it was made for masto
# 06:55 
dansup im working out the bugs with ryan
# 06:55 
swentel feel free report progress on hhttps://github.com/snarfed/bridgy-fed/issues/39 too, that's the issue we use track PF integration
# 06:56 
swentel been a while since I tested it locally
# 06:56 
swentel Looks like I was able to sync a profile locally :)
loicm, petermolnar, KartikPrabhu, [LewisCowles], [jgmac1106], gRegorLove_, gxt, [tw2113], [jgarber], geoffo, swentel, nickodd, [tantek], JC1 and aaronpk_ joined the channel
# 15:50 
aaronpk holy crap, twitter approved my developer account application
# 15:50 
aaronpk for my Switch twitter account
# 15:51 
jacky congrats! lmfaoo
# 15:51 
jacky need that application template :)
# 15:54 
aaronpk i think i just said something along the lines of I am trying to download my own tweets and won't be downloading content from any other accounts
# 15:54 
aaronpk i'm kind of impressed tho, because it was a brand new account with only a couple tweets in it
aaronpk_ joined the channel
# 15:59 
jacky lol the reviewer probably empathized then
aaronpk_, KartikPrabhu, IWSlackGateway, [LewisCowles] and geoffo joined the channel
# 16:58 
jamietanna[m] Is snarfed around to give a hand with trying to publish https://www.jvt.me/mf2/2020/04/qj3zt/ - it's failing in https://brid.gy/log?start_time=1587563839&key=agdicmlkLWd5ckwLEg1QdWJsaXNoZWRQYWdlIiVodHRwczovL3d3dy5qdnQubWUvbWYyLzIwMjAvMDQvcWozenQvDAsSB1B1Ymxpc2gYgIDgza7CmwoM because it's picking up the HTML content not the Bridgy twitter content, maybe because there's a child with its own `e-content`?
# 16:58 
Loqi [Jamie Tanna] I'm very much looking forward to this talk, it was awesome when I saw it at #oggcamp last year, and #WiTNotts is very fortunate to have Rachel Morgan-Trimmer speak!
[Ana_Rodrigues], aaronpk_, gRegorLove_, dougbeal|iOS, loicm and [snarfed] joined the channel
# 17:52 
[snarfed] oh wow interesting find jamietanna! that's a rare one. error is at the end of that log, and in the HTTP 400 response body: "Error:  obj['content'] has unescaped < or > characters!"
# 17:53 
[snarfed] added ~6 mos ago to close this security hole: https://github.com/snarfed/bridgy/issues/880
# 17:53 
Loqi [freekmurze] #880 JavaScript injection vulnerability
# 17:55 
[snarfed] your page may not be doing anything wrong. i do see an errant \u2026 in the parsed mf2 though, in items[0].quotation-of.value, which might be suspicious. not sure if that's your fault or mf2py's or neither though
# 17:56 
jamietanna[m] That is almost certainly from fontawesome, I think
# 17:56 
jamietanna[m] Interesting - so it looks like it's picking up the HTML of the content, when there's a `value` there instead
# 17:57 
[snarfed] i think that's ok and expected? `value` mf2 doesn't mean ignore HTML
# 17:57 
jamietanna[m] I can't escape it in the source as it's actual html to render,
# 17:57 
[snarfed] looks like it comes with any `e-*` property: http://microformats.org/wiki/microformats2-parsing#parsing_an_e-_property
# 17:57 
Loqi [Tantek Çelik] microformats2 parsing specification
# 17:58 
[snarfed] actually that \u2026 is probably a red herring. it's valid unicode and ok to be in `value` afaik, unicode is fine, and that's how it's escaped in JSON
# 17:58 
jamietanna[m] Ah ok
[calumryan] joined the channel
# 17:59 
[snarfed] probably a bridgy/granary bug, need to escape attachments' content as well as the primary object
# 17:59 
[snarfed] i'll look!
aaronpk_ joined the channel; nickodd left the channel
# 18:12 
jamietanna[m] Ty!
aaronpk_ joined the channel
# 18:44 
jacky my mf2 parser strips port numbers from URLs which is a bit annoying because I spin up a web server for serving tests (so it actually uses the HTTP driver)
# 18:44 
jacky cracks knuckles and begins patching
[tw2113] joined the channel
# 18:45 
sknebel "your" parser as in one you wrote or one of the others that has a bug?
# 18:45 
jacky good phrasing lol
# 18:46 
jacky it's one I'm using, I didn't write it
# 18:46 
jacky but still gonna patch and open a bug
# 18:46 
jacky technically affects like 4 of my projects
# 18:46 
sknebel people occasionally silently start to write parsers, thats why I was curious
# 18:47 
jacky ha I'm not there (yet)
# 18:47 
jacky I def am curious about implementing one in Rust
# 18:47 
jacky and then binding it out to other languages
[jgarber] joined the channel
# 18:55 
[jgarber] people == jgarber  😂
# 18:58 
Zegnat people == zegnat - who has been tinkering on a parser in Typescript for weeks now. Though very sporadically :P
# 18:58 
Zegnat jacky: binding to PHP so we can go faster? :D
# 18:59 
Zegnat Didn’t someone do an mf2 parser as PHP extension?
# 19:00 
jacky lol
# 19:01 
Zegnat https://code.cjwillcock.ca/php-extensions/mf2
# 19:02 
Zegnat So actually an mf2 parser in C, that is then hooked into PHP
# 19:04 
Zegnat cjwillcock++ for apparently also starting on HTML parsing for PHP <3 https://code.cjwillcock.ca/php-extensions/html
# 19:04 
Loqi cjwillcock has 1 karma over the last year
# 19:20 
jacky oh that'd be dope
# 19:21 
Zegnat I wish for good HTML parsers in all languages. So we can move away from using libxml for everything it isn’t supposed to parse…
loicm, KartikPrabhu, leg and jamietanna joined the channel
# 20:45 
jamietanna swentel: what format does Indigenous expect for the q=contact response? Is it a list of h-cards, or as per https://indieweb.org/Micropub-extensions#Query_for_contacts ?
aaronpk_, KartikPrabhu, Anastasia, Kaja_, garrettw, treora, gRegorLove_ and jeremycherfas joined the channel
# 22:41 
jacky I think that's the correct response
# 22:41 
jacky lemme check (b/c I think I added that code block)
# 22:42 
jacky yeah it's a single key dictionary/map named "contacts" with a list of h-cards
# 22:42 
jacky jamietanna: ^
# 22:42 
jacky uses this with Indigenous
Bill_Bennett_NZ joined the channel
# 23:16 
jamietanna[m] Ty jacky! That's something for next few days, and a custom frontend to add my own details like twitter url
FridaAasen and [tw2113] joined the channel