#dev 2021-01-26

2021-01-26 UTC
# 01:51 
jacky I'm working on 'enhancing' the client side experience of my site (some of it I'm aiming to move into Lwa once I finish the fusing of it and Lighthouse)
# 01:51 
Loqi jacky: [jgmac1106] left you a message 1 day, 9 hours ago: geared toward DoD since staring there first with cybersecurity but everything you do must swim in FCI and CUI (classifications for types of federally protected data in US outside of Classified) http://fcivscui.com/
# 01:52 
jacky some things are coming up as 'must-have': some sort of "chip" (like in Material Design) https://material.io/components/chips#usage to help with inline h-cards, client-side MF2 renders to 'enhance' content (or at least normalize it in a way that can encourage people to actually _read_ things) and other stuff
# 01:53 
jacky right now, I got the basis of the latter and some of the former going
# 01:53 
jacky my question though: should I _push_ to keep mf2 markup in these Custom Elements (https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements)? I can see it being handy for people in the space that use static sites that are fully JavaScript (so then their markup when first rendered properly on the Web will be valid)
# 01:54 
jacky but like I don't know about after that
# 01:55 
jacky at _worst_, it'd be a bunch of tags like `<mf2-item class="h-entry" href="XXXX" />` or `<h-card href="XXXX" class="h-card" />` which (with a bit of messing with a mf2 parser) should still work with conventional parsers and be 'enhanced' when being used in a Web browser
# 01:55 
jacky scratches his head
[tantek] joined the channel
# 01:56 
[tantek] I mean why have separate tags at al?
# 01:56 
[tantek] why not just use an "x" tag like a span equivalent, or even an _ if that's allowed, since all the info is in class, href etc.
# 01:58 
jacky never considered `_`
# 01:58 
jacky I used specialized tags to optimize the rendering of some things
# 01:59 
jacky like an article would be different in presentation than me mentioning someone inline or even in a reacji
# 02:00 
jacky _but_ that does open an idea to perhaps consider something like `<mf2-item url="xxx" class="h-card" />`  and do more of that optimization based on the classes available to it!
[KevinMarks] joined the channel
# 02:04 
[KevinMarks] are these web components?
# 02:07 
[tantek] jacky, presumably class selector to modify rendering is just as convenient as an element selector
# 02:07 
[tantek] unless I'm missing something
# 02:07 
jacky [KevinMarks]: yeah
# 02:08 
jacky [tantek]: it def does work, I'm just slightly concerned that using a class list would require me to a bit of heuristics about what might be needed
# 02:08 
jacky I'd have to a bit more thinking
# 02:17 
jacky yeah doing it in a singular element would require a lot of 'magic' (it's not only getting the right post type but also aiming to optimize what's shown)
# 02:17 
[KevinMarks] so, I like the idea of web components, but each example I see tens to be "we replaced the built in elements with our own magic ones" - cf amphtml or https://shoelace.style/
# 02:19 
jacky IIRC shoelace is like a bridge to opinionated functionality of some built-ins and adding commonly crafted ones
# 02:19 
jacky which isn't terri-bad
# 02:19 
[KevinMarks] but using them for embedding meaningful chunks like h-card or h-event makes more sense to me; it seems to fit with the higher level thinking behind gutenberg in WP, or maybe the other rich chunk editors
# 02:20 
jacky I'm aiming to reduce duplication in my presentation and proactively improve what's shown on the context of the browser (are they logged in? did they already replied to this post? do they know others who might have interacted with it?)
# 02:20 
jacky [KevinMarks]: yup
# 02:20 
sknebel jacky: remember that if a parser is parsing something like <h-card href="XXXX" class="h-card" /> it will not look at any properties, because it decides what to do based on the tag (I hope I understand your use case correctly)
# 02:20 
jacky like tbh I can see an effective solution being something of a micro-social reader; one focused on a particular bit of content
# 02:21 
sknebel (i.e. if you don't care about a unmodified parser being able to parse the raw markup ignore what I said :D)
# 02:21 
jacky sknebel: yeah - that's the bit on having some parsers 'adapt' to some known field or hopefully expanding for that
# 02:22 
jacky ideally by then, I'd have something up like xray that  can do that to help ease those who'd want it to include it
# 02:22 
jacky but that's also if I stick to this idea lol
# 02:22 
[KevinMarks] could you make the custom element embed the content too though? Shoelace seems to do that
# 02:23 
jacky yeah you can do whatever, the DOM of the element, it's surrounding environment and its children are fully accessible
# 02:25 
[KevinMarks] the way shoelace uses slot feels a bit like mf properties
# 02:26 
jacky slots?
# 02:27 
jacky TIL https://wiki.csswg.org/ideas/mistakes
# 02:28 
jacky AH
# 02:28 
jacky https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/slot
# 02:28 
jacky slots
# 02:28 
jacky I didn't go this deep into Web Components
# 02:29 
jacky https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_templates_and_slots
# 02:29 
jacky lol I just `appendChild` for now tbh
# 02:29 
jacky but this is interesting
# 02:49 
[KevinMarks] well, this is a bit scary https://gomox.medium.com/google-safe-browsing-can-kill-your-startup-7d73c474b98d
[Raphael_Luckom] joined the channel
# 03:52 
[Raphael_Luckom] absolutely bonkers
ShadowKyogre, KartikPrabhu and alex11 joined the channel; ShadowKyogre left the channel
# 05:13 
jacky it's okay - google knows best </sarcasm>
jjuran, [KevinMarks], KartikPrabhu, swentel, ShadowKyogre, pikselaxam, BudaDude[m], aciccarello[m], khimaros[m], nekr0z, jamietanna[m], smacko[m], astrojl_matrix, JackyAlcin[m], Salt[m], marinin[m], fredcy_, Caleb[m]1, antonio[m], drhitchcock[m], [jgmac1106], deathrow1, schmudde, saptaks, DanC, dckc-, [tantek] and [chrisaldrich] joined the channel; ShadowKyogre left the channel
# 18:29 
[tantek] ugh that's pretty bad.
# 18:30 
bhavin192 That was scary indeed!
# 18:32 
bhavin192 [tantek], I tried to login to https://indieweb.org/ with my domain, it gives me few options like Twitter and GitHub, I'm going to enable PGP option for my site by following instructions given here https://indielogin.com/setup :D
# 18:32 
jacky it sucks big time because _every_ browser uses it
# 18:32 
jacky I think even Firefox does
# 18:32 
bhavin192 jacky, exactly :(
# 18:52 
[tantek] I'm looking into that for Firefox in particular, happy to follow up more in #indieweb-chat
# 18:52 
[tantek] bhavin192 awesome yes the PGP option should work, pretty sure a few other folks are using that
# 18:52 
[tantek] using your domain + PGP and no silos to sign-in is pretty awesome frankly
leg joined the channel
# 18:59 
[tantek] jacky, there's also a pretty big warning in there for anyone unwittingly allowing any user/customer to upload random files to their site which may be exploits etc. that attack other users/customers of that site
[Raphael_Luckom] joined the channel
# 19:10 
[Raphael_Luckom] and anyone trying to collaborate on security research on malicious files
# 19:13 
[Raphael_Luckom] it doesn't surprise me that the author of the post is in the security space. You can't really provide a service that protects people without accepting uploads of potentially-malicious files.
# 19:16 
[tantek] huh? it only says he is "Entrepreneur, investor and advisor." nowhere in his about or in the article does it say that the author "is in the security space" that I could tell
ccchapman joined the channel
# 19:17 
[Raphael_Luckom] "For context, InvGate (our company) is a SaaS platform for IT departments that runs on AWS with over 1000 SME and enterprise customers, serving millions of end users. This means our product is used by IT teams to manage issues and requests from their own users. You can imagine the pleasant reaction of IT Managers when suddenly their IT ticketing system starts displaying such ominous security warnings to their end users."
# 19:18 
[Raphael_Luckom] How do you run an IT ticketing system without letting users upload stuff?
# 19:19 
[tantek] IT ticketing system, nothing to do with security space
# 19:19 
[Raphael_Luckom] ok
# 19:19 
[tantek] I mean in general
# 19:19 
[tantek] it's not security specific per se
# 19:19 
[Raphael_Luckom] ok
# 19:20 
[tantek] right this is a general problem for anyone setting up a silo / service for users to upload stuff
# 19:20 
[tantek] problem / responsibility
# 19:20 
[tantek] you can't allow your users to upload arbitrary binary stuff which could be exploits
# 19:21 
[tantek] also interesting from a Micropub perspective, of separating your media upload endpoint perhaps even on a different domain than your primary Micropub endpoint
# 19:21 
[tantek] that's where I'm curious about this from an IndieWeb perspective
lahacker, ShadowKyogre and [KevinMarks] joined the channel
# 20:03 
[KevinMarks] Right, the stuff I do for svgshare.com is instructive
ShadowKyogre, schmudde and kitt joined the channel; ShadowKyogre left the channel
# 20:40 
lahacker kevinmarks have you released that anywhere?
[fluffy], [Raphael_Luckom] and [timothy_chambe] joined the channel
# 21:40 
[KevinMarks] It's open source - but basically I parse the svg with html5lib and then rip the script out
# 21:42 
[KevinMarks] https://github.com/kevinmarks/svgurl
# 21:42 
Loqi [kevinmarks] svgurl: Image sharing for SVG
# 21:43 
[KevinMarks] It's py 2.7 on appengine, so not exactly cutting edge, but that backend does scale well.
jjuran, [tantek] and [snarfed] joined the channel; ShadowKyogre left the channel
# 22:12 
[Raphael_Luckom] to (maybe) carry over a conversation from #indieweb-chat, my reason for liking dynamo is that, when I imagine the amount that one, single user is going to use a DB for their social media, and then I think about how I'd chop up one cluster's worth of capacity so that thousands of users could securely have their own access to it, I feel like dynamo is a pretty reasonable end-point. It's not great. If I had 100k users I wouldn't put them
# 22:12 
[Raphael_Luckom] on dynamo. But what system would handle _one_ user better?
# 22:24 
[tantek] what is dynamo
# 22:24 
Loqi It looks like we don't have a page for "dynamo" yet. Would you like to create it? (Or just say "dynamo is ____", a sentence describing the term)
# 22:25 
[Raphael_Luckom] dynamo is Amazon Web Services' most popular pay-as-you-go NoSQL database
# 22:25 
Loqi ok
# 23:17 
[fluffy] Technically it’s DynamoDB
# 23:17 
[Raphael_Luckom] yeah, I should have done that instead.
# 23:23 
[tantek] what is DynamoDB?
# 23:23 
Loqi DynamoDB is a key/value database service provided by Amazon Web Services https://indieweb.org/DynamoDB
# 23:23 
[tantek] then edit the previous one to be a redirect
# 23:23 
[tantek] oh it was already there