#dev 2020-05-13

2020-05-13 UTC
moppy, [tantek] and akira_ joined the channel
#
akira_ hello
akira_, Meek, [chrisaldrich], gRegorLove, gRegorLove_, nickodd, gRegorLove__, vika_nezrimaya, KartikPrabhu, [jeremycherfas], [Ramiro_Ruiz], swentel, jamietanna, [LewisCowles], [aimee], jamietanna1, moppy, jeremych_, [jgmac1106], d0gfart and joshghent joined the channel; akira_ left the channel
#
[jgmac1106] hello
[Sadik_Shahadu], [jgarber], [Rose], jacky and gxt joined the channel; amiiboh left the channel
#
jacky wonders how complicated it'd be to run bridgy on a non-appengine location
jacky, [tw2113], [Ramiro_Ruiz] and xsteadfastx joined the channel
#
jacky finally got my gitea -> drone setup going nicely
#
jacky so now I can push to deploy stuff, get it tagged in my hosted copy of sentry and get emails about me misconfiguring stuff lol
#
[LewisCowles] openssl + windows = 😿
#
[LewisCowles] a file that decrypts just fine on my pc, using a symetric passphrase, won't decrypt on others. The advice. Encrypt using linux or mac
#
[LewisCowles] I wonder if I can blame git for this in some way. I really need to decrypt the file on windows, mac and linux
[snarfed] and nickodd joined the channel
#
[snarfed] TIL Flickr doesn't serve the Content-Length header on its photos 😠 https://github.com/snarfed/bridgy/issues/944
#
Loqi [jgmac1106] #944 twitter publish: flickr images missing file sizes (Content-Length header)
#
[snarfed] jacky: it used to be almost impossible to run bridgy outside app engine, but their new runtimes nicely decoupled all the bundled APIs and services, so it's now actually totally doable
#
[snarfed] would probably be a bit slower, but still usable. i'd love to see (and help) someone try!
#
jacky It's definitely on my to-do list
#
jacky my only complication would be the one thing I think that'd be why I want it - for bridging Twitter (complication would be getting a valid app account for it approved)
#
[snarfed] why not use the service? just curious
#
[snarfed] also it's generally a lot easier to get API keys for silos if you only need them to work for your own user. including twitter afaik
#
jacky tbh I have no qualm against using it directly
#
jacky I'm just thinking about a (edge)case of traffic
#
jacky preoptimization--
#
Loqi preoptimization has -1 karma over the last year
#
[snarfed] ah ok. bridgy's load is pretty even across users, and it has ~5k, so one or two or a handful of users here or there wouldn't make a difference in traffic
#
[snarfed] preoptimization--
#
Loqi preoptimization has -2 karma over the last year
#
[snarfed] but people have also wanted to self host it before to "own" more of their services, which i fully support. this would be a great test!
#
[LewisCowles] snarfed, regarding no content length, is it a valid http1.1 streaming response?
[manton] and xsteadfastx joined the channel
#
[jgmac1106] snarfed has to be a recent change I have used flickr embeds and bridgy forever
#
[jgmac1106] just encourages me to download and host locally, strengthens the Commons anyways
#
[LewisCowles] anyone able to know or guess what is wrong with the following line for mac OS cli using OpenSSL 1.1
#
[LewisCowles] `openssl aes-256-cbc -d -md sha512 -pbkdf2 -iter 1000 -in vendor/***.zip.enc -out vendor/***.zip -pass pass:$VSTSDK_KEY`
#
[LewisCowles] works on windows (under msys2) and linux
[Sadik_Shahadu] joined the channel
#
[LewisCowles] I'm wondering if I can just decrypt on one OS as part of CI and then pass to jobs on other OS's. Although when I tried that yesterday for the repository I was working on I lost access.
#
[snarfed] LewisCowles flickr evidently offers both HTTP/1.1 and HTTP/2. not sure which one bridgy is using. when i curl it with HTTP/2, it returns the header Streaming: false.
#
[LewisCowles] HTTP2 always should include a content-length. HTTP1.1 the disaster that it was, had other, particularly stupid ideas
#
[LewisCowles] for us it was detecting chunked encoding and parsing that. I actually wanted to middle-finger the requests and refuse to serve them
#
[LewisCowles] if I don't know how big it is, I don't know how long it's going to tie up a machine for
#
Salt[m] is there a preferred way to list multiple organizations in an h-card?
[schmarty] joined the channel
#
[schmarty] Salt: microformat properties are plural-by-default, so you should be able to list as many as you like.
#
[schmarty] i have seen org names with "p-org" as well as more detailed info with nested h-cards like "p-org h-card".
#
Salt[m] ah, I do think I remember something about using a nested h-card as the org, or something of that sort
cal joined the channel
#
[snarfed] sadly flickr's HTTP2 evidently doesn't include content-length
#
GWG I was debating not long ago nested h-cards in p-publisher as well as p-org
#
[LewisCowles] hmm, maybe send them this https://svn.tools.ietf.org/svn/wg/httpbis/specs/rfc7230.html#header.content-length and https://http2.github.io/http2-spec/#malformed
#
[LewisCowles] I must admit it's not as explicit as I'd like to be certain, but I really hate requests without content length as well as responses
#
[snarfed] ah yeah it's SHOULD not MUST
gRegorLove and [KevinMarks] joined the channel
#
[LewisCowles] solved openssl. Sadly some platforms cannot use -iter or -pbkdf2 (maybe they can with more work, but I don't want to do it)
#
[LewisCowles] an dropping those two args from generation fixed, even if annoying to see warnings on some platforms
#
[LewisCowles] `openssl aes-256-cbc -d -md sha512 -in vendor/***.zip.enc -out vendor/***.zip -pass pass:$VSTSDK_KEY`
[juju] and vika_nezrimaya joined the channel
#
jacky I know there's more PHP heads in here
#
jacky have y'all tried and used Laravel Livewire?
[mapkyca] joined the channel
#
[LewisCowles] I can ask some Laravel users
#
[KevinMarks] anyone want to advise? https://twitter.com/ASpittel/status/1260612610686361600
#
@ASpittel What's your favorite tech stack for building a blog site right now and why? (twitter.com/_/status/1260612610686361600)
#
[LewisCowles] flat HTML, CSS, maybe a pinch of JavaScript.
#
[LewisCowles] Send everything else to someone else to give them the headache of server management
#
[LewisCowles] Did anyone know about config.yml in .github/ISSUE_TEMPLATE ?
#
[LewisCowles] https://github.com/VCVRack/Rack/blob/v1/.github/ISSUE_TEMPLATE/config.yml
#
[LewisCowles] Seems pretty fantastic at cattle-grid'ing incoming
#
[LewisCowles] I feel like I just found the letterbox
[calumryan] joined the channel
#
aaronpk for tantek:
#
aaronpk SMS << https://sec.okta.com/articles/2020/05/sms-two-factor-authentication-worse-just-good-password
#
Loqi ok, I added "https://sec.okta.com/articles/2020/05/sms-two-factor-authentication-worse-just-good-password" to the "See Also" section of /SMS https://indieweb.org/wiki/index.php?diff=69896&oldid=68932
#
[snarfed] so the "If a password can be reset with just SMS" part buried deep in there is the key
#
[snarfed] people conflate "SMS is insecure" with "SMS 2FA is insecure." if you add SMS 2FA to password login, and don't allow SMS as single factor fallback, that combination is still more secure than password alone
#
[snarfed] layers++
#
Loqi layers has 1 karma over the last year
#
[snarfed] shadesofgray++
#
Loqi shadesofgray has 1 karma over the last year
#
aaronpk yeah it's more like SMS account recovery is terrible
#
[snarfed] yes that
#
[snarfed] clickbait--
#
Loqi clickbait has -1 karma over the last year
#
[LewisCowles] Although device vendors are improving, some also have awful SMS defaults, such as displaying partial messages on the lock-screen.
#
[LewisCowles] not terrible if the code is right off the end, but really quite bad if the SMS code is the first thing you see (Here's.... Paypal)
#
[LewisCowles] Also Google 😭
#
[LewisCowles] who have quite some say in making the devices. I know I can turn it off
#
[LewisCowles] Instagram, VirginMoney, Twilio
#
[LewisCowles] all from a single screen
#
[snarfed] eh the shoulder surfing threat is basically non existent, at least for any of us here
#
aaronpk certainly now
#
[LewisCowles] Oh due to lockdown... 🙄 well lets not make all of our life and security considerations based on the colossal screw up we're in now
#
[LewisCowles] Does anyone have Apple CoreAudio SDK?
#
[snarfed] eh, even apart from lockdown, purely online threats are way way more likely for most people than shoulder surfing
#
[LewisCowles] I seem to have poor builds due to missing header files and incompatible API's
#
[LewisCowles] Apple removed it from their website
[grantcodes] joined the channel
#
[grantcodes] Hello? Just testing...
#
[grantcodes] Are you still using next.js for your current site vika_nezrimaya? I actually enjoy the simplicity of it * with the massive caveat of already understanding react - which is not simple at all 😂
#
[grantcodes] Weird, wouldn't let me send that message. 🤷‍♂️
#
vika_nezrimaya I'm not using anything at all for the website, since I have no website in development right now
#
vika_nezrimaya I'm rewriting the rewrite of the website
#
vika_nezrimaya didn't even start yet
#
vika_nezrimaya since I'm trying to figure out how to do ACME DNS validation for certificates...
#
vika_nezrimaya >.<
#
vika_nezrimaya and it's hard to do so when nosy relatives are constantly shuffling around behind my back and asking stupid questions
#
vika_nezrimaya ughhhhhh i wish corona didn't exist so I could go to a time-cafe and code
#
[grantcodes] Haha been there with the rewrites. But I just let someone else handle the certificates.
#
vika_nezrimaya the price is justified by the environment it gives me, I'm really productive when I could sip free coffee in a semi-quiet room with some music on
#
[LewisCowles] aaronpk please have a word regarding
#
[LewisCowles] The problem with lies is that you'll forget them
#
[LewisCowles] > Second, generate random lies for any security questions, such as ‘favorite food’ or ‘street you lived on’.
#
sknebel thats why you put them in a password manager too :D
#
[LewisCowles] notes in a password manager are only viable if you can get into one. It's a big juicy honeypot
#
[grantcodes] But let me know if you want next.js advice, now I think it's a pretty awesome way to build indieweb websites. And like I said if you're over that first hurdle of learning react it is super flexible and can be about as simple or complex as you want
#
vika_nezrimaya yeah, about that... it requires this webpack mess which is too complex for me
#
vika_nezrimaya I'm really considering ditching IE11, Edge 18 and Opera support for nice things like ES6 modules
#
vika_nezrimaya in browser, like <script type="module"> so I won't have to deal with Webpack hell
#
petermolnar don't misunderstand my question but what kind of interactivity requires your current dependencies?
#
[grantcodes] 🤔 it uses webpack under the hood but unless you are doing something really specific you shouldn't need to touch it
#
vika_nezrimaya Environment variables. A lot of them.
#
vika_nezrimaya I eventually realized that my approach was flawed
#
vika_nezrimaya but I already had one burnout so I guess I subconsciously mistrust anything that lists webpack in its dependency tree
#
vika_nezrimaya >.<
#
[LewisCowles] The version of CoreAudio I need has a folder named AudioUnitExamplesAudioUnitEffectGeneratorInstrumentMIDIProcessorandOffline
#
[LewisCowles] A particularly verbose filename
#
vika_nezrimaya sounds like a Java class
#
petermolnar AudioUnitExamplesAudioUnitEffectGeneratorInstrumentMIDIProcessorandOfflineFactoryInstance would be Java
#
vika_nezrimaya a Java class that my former college mates would write, I mean
#
vika_nezrimaya or do they still name their classes A, B and C?
#
petermolnar 16:9 screens were made to allow longer Java classnames, the legend says
#
vika_nezrimaya thankfully, I don't remember
#
[LewisCowles] It's C or C++
#
Loqi C has 1 karma in this channel over the last year (21 in all channels)
#
[LewisCowles] hahaha
#
Loqi nice
#
[LewisCowles] maybe C needs some Karma. All our kiddy languages depend on it
#
[LewisCowles] well, most of
swentel joined the channel
#
vika_nezrimaya rust is a contender though, or so I heard
#
vika_nezrimaya even Microsoft evaluated it for rewriting parts of Windows (and I remember them saying it lacks some uncommon features, while overall being a great choice for OS development)
#
[LewisCowles] It could be huge. It's got macros and pre-processors, much to my dismay it's not common to output pre-processed files to a build folder to make them easy to read if you, like most people were not born with a pre-processor
#
[LewisCowles] new rustacean has a rather nice playback speed that was fun to hack into it's build system. It's as far as I've got with rust past a *morphism example
nickodd left the channel
#
[LewisCowles] I think maybe my C errors were github actions somehow mixing clang and gcc 😊
#
[LewisCowles] damn it's hard to do anything low-level
#
[LewisCowles] especially across OS's with vendors that hate their users
gRegorLove, xsteadfastx, [KevinMarks] and joshghent joined the channel
#
[KevinMarks] AudioUnits were C++ when the rest of the OS was C. Which was fun when they threw an uncaught exception
joshghent, [tantek] and [LewisCowles] joined the channel
#
[LewisCowles] It compiles now (and somehow seems to avoid uncaught exceptions).
#
[LewisCowles] Now moving on to next part of the build. I Was interrupted by bitbucket being down, so I craftily found a cached version of a dependency, same hash and added a chained fallback. Bit naughty, really need to add vendoring, but without adequate ways to describe where some files come from and what their canonical revision is, I might skip that part.