#dev 2021-01-17

2021-01-17 UTC
[tantek], newsoul, jeremycherfas, Ruxton_, KartikPrabhu, beko, trmarvin, [tw2113_Slack_], craftyphotons__, kitt, [tantek]1, leg and nickodd joined the channel
# 08:45 
@stevenjmesser ↩️ Looks good! Might give it a go.

Which version of Jekyll are you using? I haven’t been able to get Webmentions to work after v4... (twitter.com/_/status/1350725371927404544)
dhanesh, KartikPrabhu and jeremycherfas joined the channel
# 11:00 
@jaygooby ↩️ Jekyll 4.2.0 with the default minima theme.

What were you using for tracking the mentions? http://webmention.io or something else? (twitter.com/_/status/1350759532784455681)
[KevinMarks] joined the channel
# 12:15 
@stevenjmesser ↩️ http://Webmention.io, yeah, but downloaded a Jekyll gem for displaying them. Presumably you coded yours yourself? (twitter.com/_/status/1350778001500348418)
[schmarty] joined the channel
# 13:00 
@jaygooby ↩️ Have a look at https://jay.gooby.org/2021/01/15/getting-webmentions-and-bridgy-working - I pretty much just used Matt Hobbs’s https://gist.github.com/Nooshu/121e5bf7f3d5c6528413c57db257894f

As long as you can see pings to your blog in http://webmentions.io/dashboard then that JS is all you need to fetch and show the mentions - just change domains to reference your own (twitter.com/_/status/1350789575464124418)
# 13:10 
@flobrinkmann Dank Webmentions (danke @pfefferle für den Vortrag übers IndieWeb beim @wp0711) ist die Konversation unter dem Twee… https://twitter.com/i/web/status/1350791240980295684 (twitter.com/_/status/1350791240980295684)
jeremych_, ShadowKyogre, [jgmac1106], [Raphael_Luckom] and nickodd joined the channel; ShadowKyogre left the channel
# 15:02 
jeremycherfas Backed up the USB 3.1 drive that is now running the Rpi (in a USB 2 slot) and data transfer was 14 times faster. So that's nice.
# 15:05 
@flobrinkmann ↩️ Ich habe das hier als Ausgangspunkt (https://de.wordpress.org/plugins/indieweb/) und dann das Webmention- und Semantic-Linkbacks-Plugin, ich glaube das müssten die sein, damit das funktioniert. Und die Webmentions kriege ich über http://brid.gy (twitter.com/_/status/1350820291518328832)
# 15:05 
@flobrinkmann ↩️ Ich habe das hier als Ausgangspunkt (https://de.wordpress.org/plugins/indieweb/) und dann das Webmention- und Semantic-Linkbacks-Plugin, ich glaube das müssten die sein, damit das funktioniert. Und die Webmentions kriege ich über http://brid.gy (twitter.com/_/status/1350820291518328832)
schmudde and jamietanna joined the channel
# 15:50 
aaronpk mcepl: that’s correct, it should redirect again after redirecting to /openid/complete
mcepl joined the channel
# 15:51 
aaronpk oops
# 15:51 
aaronpk mcepl: that’s correct, it should redirect again after redirecting to /openid/complete
# 15:51 
mcepl problems with logging in to OpenStreetMap via OpenID
# 15:51 
mcepl see at #indieweb
# 15:53 
aaronpk oh i see, new error message i added the other day
# 15:53 
mcepl when testing with indieauth.com my setup seems to be correct.
# 15:53 
aaronpk actually reporting the error message on the sacreen would hav been helpful :)
# 15:54 
mcepl sacreen??? What's that?
# 15:54 
aaronpk screen
# 15:57 
mcepl this is the OSM login page https://is.gd/Yejwcl
# 15:57 
mcepl this is the next screen I see https://is.gd/Bt65hm
# 15:57 
aaronpk Yes I see now
[KevinMarks], nickodd, [tantek] and Ahmad joined the channel; ShadowKyogre and nickodd left the channel
# 20:09 
[tantek] heh tangentially related: https://shkspr.mobi/blog/2021/01/thats-not-how-2fa-works/
# 20:09 
[tantek] what is 2FA
# 20:09 
Loqi multi-factor authentication (commonly two-factor authentication, abbreviated 2FA or TFA) is an authentication process that requires at least a second component to a standard authentication method https://indieweb.org/2FA
# 20:09 
[tantek] 2FA << Common misconception(s): https://shkspr.mobi/blog/2021/01/thats-not-how-2fa-works/
# 20:09 
Loqi ok, I added "Common misconception(s): https://shkspr.mobi/blog/2021/01/thats-not-how-2fa-works/" to the "See Also" section of /multi-factor_authentication https://indieweb.org/wiki/index.php?diff=74282&oldid=71260 
# 20:16 
aaronpk that's what i call phishable 2fa vs non-phishable 2fa
ShadowKyogre joined the channel; ShadowKyogre left the channel
# 20:52 
[tantek] what is recent changes
# 20:52 
Loqi recent changes is a stream of updated posts or pages from a site, ordered by most recently updated first, commonly known from wikis like the IndieWeb https://indieweb.org/Special:RecentChanges page https://indieweb.org/recent_changes
# 20:52 
[tantek] go for it GWG, add your brainstorming, WordPress default support etc.
# 20:52 
[tantek] what are recent updates
# 20:52 
Loqi It looks like we don't have a page for "recent updates" yet. Would you like to create it? (Or just say "recent updates is ____", a sentence describing the term)
# 20:52 
[tantek] recent updates are /recent_changes
# 20:52 
Loqi ok
[schmarty] and [Raphael_Luckom] joined the channel
# 21:09 
[Raphael_Luckom] re: hardware security tokens, I like them as a concept, but the web USB API seems like a catastrophe waiting to happen. ( https://wicg.github.io/webusb/#security-and-privacy ) . Specifically, the interface between the USB and the device you plug it in to is very powerful and not very secure, and web USB only seems to let you ask for coarse-grained permissions
# 21:11 
aaronpk hardware security keys don't use web USB
# 21:11 
sknebel tokens don't use that though
# 21:11 
sknebel jinx
# 21:11 
[Raphael_Luckom] oh cool! what do they use?
# 21:11 
aaronpk webauthn
# 21:12 
sknebel support is build in the browser itself, and that offers the webauthn api to the website
# 21:12 
[Raphael_Luckom] huh. I have reading to do. thanks!
# 21:12 
aaronpk that's how a fingerprint reader or faceid can also be used as a hardware security key
# 21:14 
sknebel (the various hardware-access Web* APIs are indeed a concern, although I have to admit the alternative is often worse, so I'm not as categorically againt them as many others)
# 21:16 
[Raphael_Luckom] So far security keys are the only hardware I've ever _intended_ to interact with a website. If they're not using webusb I'm perfectly happy to recline back into obliviousness 😄
[tw2113_Slack_] and [Tamar] joined the channel; robindrake left the channel
# 22:12 
sknebel really two perspectives: one is "more complexity in the browser, and you can talk users into giving websites access to hardware and that's terrible" vs "without it, to do things with some hardware you need to make users download 'random' executables that can whatever they want and that's terrible"
# 22:12 
sknebel and you get to pick whats worse
# 22:14 
sknebel (with maybe WebMIDI as an exception where there's a middle-ground of "can do some things, but is very safe", where the question mostly plays out for additional features
# 22:14 
[Raphael_Luckom] that's a good way to put it
ShadowKyogre left the channel
# 22:25 
[KevinMarks] USB is a bit of a mess anyway as it is a huge rats nest of protocols, so abstracting out the useful ones (like pointing devices, sound input, midi, auth tokens) at the browser level is a good approach
# 22:34 
sknebel the ones that need "weird" software otherwise are exactly not the ones that fall in those categories (well, auth tokens are kinda that, depending on how you see it)
nertzy, [tw2113_Slack_]1 and [chrisaldrich] joined the channel