#dev 2021-01-03

2021-01-03 UTC
villasv, cambridgeport90 and geoffo joined the channel
#
cambridgeport90
I have a funny uestion for you guys. My main dev focus right now is the .NET languages, user wchadly on Twitter and I were just talking about this. He, too, would love to see the .NET side of the ecosystem get some love, but according to the wiki, OOP is an antipattern, so, is that why it's been ignored all these years? Do I need to find another focus instead?
#
Zegnat
What is OOP?
#
Loqi
The object-oriented-programming antipattern is the excessive / unnecessary use of object-oriented-programming (OOP) and OOP techniques when simple procedural functions would have sufficed, with less overhead, fewer files to navigate around, fewer indirections to follow while debugging, etc https://indieweb.org/OOP
#
sknebel
sigh. that page probably does more harm than good nowadays :D
#
sknebel
we've just not had very many people using .NET (I remember joel did too?)
#
cambridgeport90
So, Chad and I are on the right track, then? I forget his site, though, or I'd put it up here.
#
sknebel
if that's what you are comfortable developing web stuff with, sure
#
cambridgeport90
But that's good to know; maybe delete that wiki page? LOL
#
Zegnat
Hmm. That is harshly worded. I think what it is trying to say is that sometimes people get hung up on the object design, the api design on their classes, etc., while they could have gotten to writing code
#
Zegnat
I would not discard entire languages for being object oriented
#
Zegnat
is a big fan of the more object-oriented design patterns PHP has been introducing
#
cambridgeport90
Another idea I had is a cutsie little PowerScript that does webmention sending. You know those senders that are command line that currently exist? I don't think any of them currently use PS, do they?
#
Zegnat
That could definitely be fun!
#
Zegnat
It would be interested to see the split of different operating system users amongst the people who are active with indieweb stuff. It might just be that it skews away from Windows, and therefor little love is seen for .NET, PS, and the likes
#
cambridgeport90
My skills are very weak at the moment,but I'm getting the hang of it. I think that C# 9.0 is the best thing that ever happened to .NET; that and PowerShell having the full might of a programming language.
#
Zegnat
Then maybe starting with a webmention sender is just the thing to warm up with, cambridgeport90! Sounds like a lovely idea
#
cambridgeport90
I know,but where the heck would you use that in the grand scheme of things?
#
Zegnat
Maybe to test the soon to be build webmention receiver written in .NET? ;) I joke of course. Don't build things that you do not see a need for. Although building something for fun can be a need too. Or just building it to learn about the webmention spec.
#
cambridgeport90
I see it as part of a very geeky random workflow,but probably nothing that the average person would use.
#
cambridgeport90
It would work nicely for stuff that I work on a lot,though. Either that ... or could be used in conjunction with other things. Other .NET web applications could potentially borrow it, or something.
geoffo joined the channel
#
[tantek]
OOP << architecture astronomy
#
[tantek]
who knows how many countless hours have been saved by that page dissuading people from getting "hung up on the object design"
[tantek]1, j605, GWG, nolith, alex11, smacko, kiero, globbot and geoffo joined the channel
#
[tantek]1
btrem, you may be interested in the URL design page in particular
[snarfed], geoffo, [snarfed]1, GWG_, sknebel_, beko_, nolith1, geoffo_, sp1ff`, kiero, globbot, [chrisaldrich], smacko, alex11 and rrix joined the channel
#
@drhitchcocknz
Are there any #IndieWeb #Webmention pros out there that might be able to help me finish setting up webmentions on m… https://twitter.com/i/web/status/1345542514128822272
(twitter.com/_/status/1345542514128822272)
[jeremycherfas], ShadowKyogre, antonio[m], jjuran, [mapkyca], [KevinMarks], [mapkyca]1 and jeremych_ joined the channel; ShadowKyogre left the channel
#
jeremycherfas
For the first time, my Raspberry Pi had it's IP changed by the router. It wasn't too hard to adjust to, but I suppose I should continue researching how to give it a fixed IP from the router.
[schmarty] joined the channel
#
Zegnat
jeremycherfas: is it on WiFi? Most routers will have a view where you see all connected devices and their MAC IDs, that is often where you can also pin an IP to them
#
jeremycherfas
Yes, I've gone looking there and found all the connected devices, but not why it changed, or, yet, how to pin the IP. That will be important when I try to connect from outside this wifi network too.
clawfire1, ShadowKyogre, clawfire3, [schmarty]1, [schmarty], [KevinMarks] and gxt joined the channel; ShadowKyogre left the channel
#
@clawfire
Looking for help to implement webmentions on some Jekyll blogs. Please RT.
(twitter.com/_/status/1345767319792967681)
[Raphael_Luckom] joined the channel
#
[Raphael_Luckom]
what is security?
#
Loqi
security in the context of the indieweb may refer to security concerns regarding personal domains, web hosting, https setup, private data, identity etc https://indieweb.org/security
[snarfed] joined the channel
#
[snarfed]
security++
#
Loqi
security has 1 karma over the last year
villasv joined the channel
#
[Raphael_Luckom]
I have a slack API key that some of my services use. Right now, it's stored as an encrypted string in parameter store ( https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html ). When one of my cloud functions needs it, that function needs permission to get the parameter, which includes the ability to decrypt it.
#
[Raphael_Luckom]
I'm thinking about removing the encryption on that parameter. Since (in my case) the permission to get the parameter also allows you to decrypt it, the only additional security the encryption is giving me is resistance against someone stealing the drive where the parameter is stored from the AWS datacenter.
#
[Raphael_Luckom]
I was looking to see if the security page on the wiki explores questions like that--how much is enough security, what do you want to be secure against. I think the indieweb is a pretty unique context where security is concerned. In a professional context, you have a responsibility to the people whose data you're storing to be clear, and probably conservative, about the security choices you make. In the indieweb, you have more
#
[Raphael_Luckom]
If I imagine an equivalent situation using Wordpress, I think that I'd include the Slack API key in plaintext _somewhere_ on the host server, and consider it "secure enough" as long as I protected the file carefully.
#
[Raphael_Luckom]
flexibility to decide which threats you care about and what level of risk you're willing to assume.
#
GWG
aaronpk: I'll have to check my code, even though I'm not using it right now.
#
villasv
qq: how about generating h-entry (and microformat markup in general) dynamically with JavaScript? This way I could plow through my CMS lack of indie web support, but I imagine it wouldn't work with all tooling.
#
[Raphael_Luckom]
might break a lot of webmention consumers. If you send me a webmention from example.com/foo, and I resolve that with curl, all my parser is going to see is the original markup of the page, and it won't find the microformat.
#
sknebel_
right, basically everything parses the source HTML, not the page DOM after running a browser
#
sknebel_
(browser extensions excepted I guess)
#
villasv
:-/ and probably most webmention implementations won't assume JS is required, right? Like basically all of them.
#
aaronpk
asking someone to run the JS on your page from server-side code is... frankly not reasonable
#
villasv
Sure, and I want as little JS as possible. I was just wondering how useful would that be, because I'd rather not change CMS at the moment and my only option as of today is custom JS. But I guess I'll scratch that idea.
#
villasv
Thanks, all :-)
#
[Raphael_Luckom]
Usually the "theme" or similar capability in a CMS is where you'd be able to add server-rendered support for microformats. I'm curious about the CMS you're using that that isn't an option
#
villasv
Long story short, I was writing my stuff on Notion and porting the finished stuff into my GitHub+Jekyll website. I wasn't enjoying the high maintenance of it and decided to try to use Notion as a CMS. Then I found about Super, which took care of building the static site for me.
#
villasv
The objective was to spend less time dealing with HTML and CSS and more time writing, and in that regard it was a success. But now comes the cost in lack of flexibility, because Super has very rudimentary suport for theming.
#
[Raphael_Luckom]
We've all been there 🙂. Interested to hear how you proceed.
#
villasv
I was able to configure my h-card, but h-entry is not feasible AFAICT. I know they are working on theming for the next release, so I was considering a hacky workaround for h-entries in the meantime.
#
villasv
I guess I'll just nag them about microformats for a while. If things don't evolve much, I'll shop for other solutions.
#
Zegnat
"Super" is not a very googlable name, haha
#
Zegnat
Ah, it is 100% a service and not something you can host yourself, judging from their website. If they aren't open-sourced anywhere and theming is rudimentary you are pretty stuck with how they decide to render your site :(
#
villasv
Yep, stuck ATM. But they're pretty new and release new stuff pretty regularly, I hope I can convince them to help me with microformats soon enough.
vilhalmer and [jgmac1106] joined the channel
#
[snarfed]
[Raphael_Luckom] re the high level security q, sounds like you’d be interested in thread modeling
#
[snarfed]
lots of great security thoughts in that direction, very valuable, but mostly not indieweb specific. same with web dev specific security.
#
[snarfed]
(with a few exceptions, eg IndieAuth and webmention spam, and more on the user facing side, eg webmention display, privacy and user expectations, etc)
#
[Raphael_Luckom]
the "not indieweb specific" part is what I struggle with. A lot of the indieweb protocol designs seem specifically geared towards "anyone can learn _just enough_ to participate, and not have to worry about #indieweb-dev-level intricacies." I love that about them. But it seems like there's no thought to "learn just enough about _security_ to participate"
#
[Raphael_Luckom]
like if we assume a given use case, like blogging or microblogging, it seems like we ought to be able to _do_ some of the obvious threat models in a generic way, reasoning all the way through them, in a way that would leave a beginner well informed without getting baffled by owasp or something
geoffo joined the channel
#
[Raphael_Luckom]
The reason that I bring it up even though I suspect it annoys people is that almost no one else has the right incentives. If you ask the big security teams to do these threat models, they're unlikely to consider "oauth2 creating a monopoly on sign in" to be a _threat_, and their models would end up biased towards infosec at the cost of monopolization.
[chrisaldrich], btrem and [tw2113_Slack_] joined the channel
#
[chrisaldrich]
What is Notion?
#
Loqi
Notion is a note-taking and multiple post drafting app that is apparently highly recommended for its clean user interface however lacks offline first support https://indieweb.org/Notion
#
btrem
Follow up to some questions I posted yesterday in #indieweb. I'm just getting started with 11ty. There are apparently lots of template languages to choose from. Any strong opinions here on ones to use and ones to avoid?
#
btrem
Other template languages I've used, which might help steer me in the right direction: I've used jinja2, liked it a lot. I've used handlebars, I liked it a lot less. Not terrible, but jinja2 seems more intuitive and cleaner to me.
#
[Raphael_Luckom]
One thing to consider is that different templating systems offer different levels of dynamism in the templates
#
[Raphael_Luckom]
like in the go templating system, you can kinda define subtemplates and subroutines in the templates. Some people really dislike that kind of thing, others like it
#
btrem
I don't think that should scare me. I thought jinja offered a fair number of features, and I was able to figure it out on my own without too much trouble.
#
btrem
I've actually never come across go, so I can't really compare it to what I have used.
#
btrem
(sorry, our messages crossed up)
#
[Raphael_Luckom]
right, I mean, I'd base your choice on what kind of logic you think is appropriate for templates. I'm more on the "anything goes" side, so I like the more flexible ones
#
[Raphael_Luckom]
then if there's a language you like, that narrows it down further. Like if you like jinja, maybe you're looking for a relatively-permissive python-native templating library?
#
btrem
Does 11ty support jinja? 'Cause that would make it easy.
#
btrem
I didn't see it listed in the tutorial I'm looking at.
#
btrem
One thing I really love about jinja is the ability to write my own filters. I only did one project with jinja, and adding my own filter made the python scripts much easier to read and debug.
#
[Raphael_Luckom]
looks like these are the docs: https://www.11ty.dev/docs/languages/#overriding-the-template-language
#
[Raphael_Luckom]
don't see jinja
#
[Raphael_Luckom]
nunjucks looks jinja-adjacent: https://www.11ty.dev/docs/languages/nunjucks/
#
btrem
Yeah, I didn't think so. I don't think any of those are python related.
#
[Raphael_Luckom]
always look for the dumb dev pun 🙂
#
[chrisaldrich]
villasv I haven't cracked it yet for things like Notion, Roam Research, etc. But I've been using Obsidian and looking at how to do roughly that same thing. If you manage it, do document it on that /Notion page or elsewhere on the wiki. Hopefully we'll have a Gardens & Streams II session where topics like yours will be the focus of the day: https://indieweb.org/2021/Pop-ups/Sessions#Gardens_.26_Streams_II
#
btrem
What's the dumb dev pun? (Apparently I'm a dumb dev because I missed it!)
#
[Raphael_Luckom]
jinja/ninja/nunjucks/nunchucks
#
btrem
Oh, right. Yeah, that's a dumb dev pun!
#
[Raphael_Luckom]
dumb like dad jokes
#
btrem
Actually, that sort of makes me laugh!
#
btrem
Yeah, I like dumb pun jokes. Even though I groan and roll my eyes when someone delivers one to me.
#
btrem
[Raphael_Luckom] nunjucks does look a lot like jinja. I think that's a winner, at least to get started. Thanks for the help.
#
btrem
[Raphael_Luckom]++
#
Loqi
[Raphael_Luckom] has 3 karma in this channel over the last year (5 in all channels)
vilhalmer, geoffo, ShadowKyogre, faucet, [Rose], wagle and [KevinMarks] joined the channel
#
[KevinMarks]
I've moved templates from jinja2 to nunjucks nd they mostly work (some slight nuances from inline code things). Nunjucks is neat in that you can use it server side or client side.
#
[KevinMarks]
I do sometimes find myself writing a bit too much code in the template vs the real language with nunjucks/jinja2
ShadowKyogre left the channel
#
[KevinMarks]
But yes, the macros are useful. I've done a bit with Hugo and the Go templates there and they're powerful too, but the inheritance model took some work to understand.
#
[Raphael_Luckom]
I found Go to be a struggle to understand as well. And then if you use the features, it's hard to share your work, because no one else can understand it without the effort
[tw2113_Slack_] and wagle joined the channel
#
btrem
I saw the danger of writing too much code in the template. I guess that's the appeal of logic-less templating systems like handlebars, but I found that way too limiting.
#
btrem
The neat thing I did in jinja: the guy who wrote the python scripts was sending page titles as arrays with the title as is for use inside <h1> and as a slug for use in urls. And it was hard to follow. So I added a slugify module and created a filter. Voila, <h1>title</h1> and <a href="title | slugify"/>.
#
btrem
And it was pretty easy to figure out the whole thing despite having very limited python experience and zero jinja experience until that project.
wagle and hoschi joined the channel