#dev 2020-08-05

2020-08-05 UTC
#
jacky
I'm trying to understand how it's determining if it's (Gobo) something posted by a man
#
jacky
I mean it admits when it doesn't know the gender of the poster but then it just hides the content altogether
[fluffy], geoffo, sp1ff`, nickodd, [tantek], sp1ff, [tb], KartikPrabhu, swentel, dckc, moppy, gxt and [KevinMarks] joined the channel; nickodd left the channel
Kappa, HbHighland2, dckc, geoffo, vilhalmer, [chrisaldrich] and sp1ff joined the channel
#
beko
did something change on the brid.gy about recieving webmentions? Mastodon publish doesn't seem to make it through. Problem may be on my end.
[Chaitanya] joined the channel
#
[Chaitanya]
beko: Ryan reported this issue with Mastodon a few months back: https://github.com/tootsuite/mastodon/issues/12915
#
[Chaitanya]
Probably, cause of that publishing hasn't been working with brid.gy for Mastodon
#
Loqi
[snarfed] #12915 reproducible HTTP 502 error in OAuth /oauth/authorize
sp1ff joined the channel
#
beko
[Chaitanya]: thanks but that's only the interactive "send for publishing" function on the page itself. Publishing via webmention worked fine last time 6 days ago.
#
beko
an RSVP also didn't show up so I send the Webmention manually. Afraid something broke on my end again *sigh
[tb] joined the channel
#
[tb]
Heh didn't take long for the bots to start descending on my IndieAuth token endpoint
[schmarty], [Rose] and [KevinMarks] joined the channel
#
beko
[tb]: as in actually trying to login or do they just throw random requests at it?
#
[tb]
I see a few requests to hit my `/login` endpoint and then after one request to `/indieauth/authorize` that redirected to `/login` it just threw something random at `/indieauth/token` 😄
#
beko
oh. so nothing serious :)
#
[tb]
Yeah, at least it exposed a bad constant reference I had in my error handler on the token endpoint that wasn't in the path of any of tests haha
#
beko
chrchr, sounds like Chaos Engineering :D
#
[tb]
Speaking of which, that's on my todo list for this but haven't really given much thought on how to chaos test an app running on Heroku
#
beko
it probably involves docker xD
#
[tb]
Looks like Heroku doesn't even allow low-medium load tests against hobby dynos
#
[tb]
Heroku is really more of a stopgap for me anyway though, wanted to focus on writing my backend hub first
#
[tb]
Ultimately I think my push into IndieWeb will converge with my desire to Homelab someday 🙂
#
beko
same 😁
#
[tb]
Heroku still seems to be about the cheapest option at the moment though — all in it looks like it's going to cost me $14/mo or so with 1x hobby dyno for the app, 1x hobby dyno for the worker, and then free Postgres, Redis, and Elasticsearch
#
[tb]
Beyond that though the economy of it starts shifting back towards DIY on less managed providers, Google Cloud Run seems pretty promising for running the containerized parts
#
[tb]
Or for 2x Heroku standard dynos I could just rent an an entire server from OVH!
[Ana_Rodrigues] and KartikPrabhu joined the channel
#
[tb]
[aaronpk] I just ran across something that uses `response_type=id` — the receiver tests on webmention.rocks!
swentel, [chrisaldrich], [pfefferle], lahacker, Kappa and [tw2113] joined the channel
#
@dannysteenman
↩️ The creator of this already made a very nice blogpost about it. https://mxb.dev/blog/using-webmentions-on-static-sites/
(twitter.com/_/status/1291108720987054081)
gRegorLove joined the channel
#
[chrisaldrich]
Kappa, from development perspective you can go either route: reply back and forth with new posts each time (and include the URLs, manually if necessary, of all the prior conversation to send those webmentions--this gets messy after a few times though and will add a lot of cruft to your feeds potentially) OR you can do all the replies in a threaded manner under the original post and rely on parsers to do their job to show the correct bits.
#
[chrisaldrich]
As an example, here's a parsed version of one of my sub-comments which only shows the comment and not the original content in the top level h-entry: https://pin13.net/mf2/?url=https%3A%2F%2Fboffosocko.com%2F2018%2F07%2F01%2Frefbacks-support-for-my-website%2F%3Freplytocom%3D57527%23respond
#
Loqi
[Chris Aldrich] I suspect that spammers are spending more time focusing on other surfaces now, besides anti-spam measures have come a bit further in almost 15 years. We’ll see what happens. I know some who are working on the vouch spec, which I suspect will cut wa...
ben_thatmustbeme joined the channel
#
[chrisaldrich]
You notice that even Loqi can parse the proper piece of the fragment on a given URL from the example above: https://boffosocko.com/2018/07/01/refbacks-support-for-my-website/?replytocom=57527#respond
#
Loqi
[Chris Aldrich] I suspect that spammers are spending more time focusing on other surfaces now, besides anti-spam measures have come a bit further in almost 15 years. We’ll see what happens. I know some who are working on the vouch spec, which I suspect will cut wa...
#
[chrisaldrich]
though it appears for those in Slack that slack can't parse it properly. 🙂
KartikPrabhu joined the channel
#
Kappa
Thanks for the tips. I think I may prefer to use a comment section/leave a reply section to reply incoming webmentions
#
Kappa
whatever is simpler and works, and may not go through the salmentions route.
#
Kappa
It's late at night in my timezone, gotta work on it later/in day time.
#
Kappa
Thanks for the help, Chris. [chrisaldrich]++
#
Loqi
[chrisaldrich] has 9 karma in this channel over the last year (64 in all channels)
#
[chrisaldrich]
good luck Kappa, we're around if you have other questions....
KartikPrabhu and [KevinMarks] joined the channel
#
[KevinMarks]
Well, I spent a fair bit of time tonight working out how to do a table with a header and some toggle above it so that the table body scrolled but the top furniture didn't.
#
[KevinMarks]
Because you can't just do tbody {overflow:scroll ;} for some reason.
gbmor, [Chaitanya] and [tantek] joined the channel
#
[tantek]
For anyone who may be using Twilio's JS SDK, I'm sure you have have nothing to worry about, but might want to double-check: https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
#
[tantek]
It's not like any of Twilio's code is used for anything security like SMS MFA (which you shouldn't be using anyway) or authentication like Authy