#[chrisaldrich]https://projectnaptha.com/ is another fun tool that will allow you to cut and paste text from within images. I believe it's an open source project for those who want pieces for their own sites.
paramdeo, Seirdy, __minoru__shirae, [chrisaldrich], [jeremycherfas], KartikPrabhu, jacky, [KevinMarks], alex11, deltab, shoesNsocks1, [schmarty], [tantek], [manton], [tw2113_Slack_], [Rose], leo60228, tru-is, sumner and lahacker joined the channel
#[KevinMarks]From #microformats - I meant following as in using monocle to read feeds. I do that with mastodon now
[pfefferle] joined the channel
#[tantek]Oooh, that would be a very good user flow to document as an example on /follow like with Monocle screenshots that walk through the process of following someone on Mastodon
#[tantek](would also likely reveal opportunities for improving the UX, which is why this is a good dev conversation)
__minoru__shirae, [jeremycherfas] and [chrisaldrich] joined the channel
#jackyso I'm still hacking on this small indieauth endpoint thing
#jackyI really _don't_ want to write any UI-facing code for this (like I want it to provide endpoints but the bit for confirming identity is blocking me)
#jackybeen using this lunch break to think if I want to ship it with a small PWA/web-browser-app so it can be used as that
#jackybut I think it (that UI) can also double as a demonstration to do this without tying it to a particular interface
#jackyreasons: doing this in an automated fashion (like if someone uses a service to sign up for a IndieAuth endpoint)
[KevinMarks], __minoru__shirae, astralbijectio and [raph_l] joined the channel
#[raph_l]I have a question about a security design I'm thinking of using for a website plugin architecture, but it's not explicitly indieweb-specific. Does anyone know of a community where that kind of question is appropriate? I tried security stack overflow but no answers so far.
#jackyif you don't mind splunking, I lean on OWASP for things
#jackyand from there, I look for common approaches to solve them
#jackyif my tooling doesn't already have that in mine
#jackythat said, I'm down to talk on musings around that
#jackyI'm still trying to figure out the above (I have an idea but I don't like too much)
#[raph_l]Thanks, those links are helpful, I'll go through those and see if what I'm thinking of fits any. I wrote up my idea here, in an i-think-this-should-work-therefore-I'm-suspicious kind of way: https://raphaelluckom.com/posts/isolation_proposal_001.html
#[raph_l]When you say "really don't want to write any UI code" does that mean "don't want any ui code" or ui code is ok as long as someone else writes it?
#Loqiconsent screen is the page you see during an OAuth flow that asks whether you want to allow the application you're logging in to to be able to access the data it's requesting https://indieweb.org/consent_screen
#jackyI think I can get around this by providing another endpoint that has a Micropub-esque API to do the R & U of CRUD against incoming requests
#jackythe 'tricky' bit here is a bit ironic: how to secure _that_ endpoint