#dev 2021-04-13

2021-04-13 UTC
[chrisaldrich] joined the channel
#
[chrisaldrich]
https://projectnaptha.com/ is another fun tool that will allow you to cut and paste text from within images. I believe it's an open source project for those who want pieces for their own sites.
paramdeo, Seirdy, __minoru__shirae, [chrisaldrich], [jeremycherfas], KartikPrabhu, jacky, [KevinMarks], alex11, deltab, shoesNsocks1, [schmarty], [tantek], [manton], [tw2113_Slack_], [Rose], leo60228, tru-is, sumner and lahacker joined the channel
#
[KevinMarks]
From #microformats - I meant following as in using Monocle to read feeds. I do that with Mastodon now
[pfefferle] joined the channel
#
[tantek]
Oooh, that would be a very good user flow to document as an example on /follow like with Monocle screenshots that walk through the process of following someone on Mastodon
#
[tantek]
(would also likely reveal opportunities for improving the UX, which is why this is a good dev conversation)
__minoru__shirae, [jeremycherfas] and [chrisaldrich] joined the channel
#
jacky
so I'm still hacking on this small indieauth endpoint thing
#
jacky
I really _don't_ want to write any UI-facing code for this (like I want it to provide endpoints but the bit for confirming identity is blocking me)
#
jacky
been using this lunch break to think if I want to ship it with a small PWA/web-browser-app so it can be used as that
#
jacky
but I think it (that UI) can also double as a demonstration to do this without tying it to a particular interface
#
jacky
reasons: doing this in an automated fashion (like if someone uses a service to sign up for an IndieAuth endpoint)
Seirdy joined the channel
#
jacky
eh, might just give it a small UI for now
[KevinMarks], __minoru__shirae, astralbijectio and [raph_l] joined the channel
#
[raph_l]
I have a question about a security design I'm thinking of using for a website plugin architecture, but it's not explicitly indieweb-specific. Does anyone know of a community where that kind of question is appropriate? I tried security stack overflow but no answers so far.
#
jacky
if you don't mind spelunking, I lean on OWASP for things
Seirdy joined the channel
#
jacky
like there's a list of attacks https://owasp.org/www-community/attacks/
#
jacky
and from there, I look for common approaches to solve them
#
jacky
if my tooling doesn't already have that in mind
#
jacky
that said, I'm down to talk on musings around that
#
jacky
I'm still trying to figure out the above (I have an idea but I don't like it too much)
#
[raph_l]
Thanks, those links are helpful, I'll go through those and see if what I'm thinking of fits any. I wrote up my idea here, in an i-think-this-should-work-therefore-I'm-suspicious kind of way: https://raphaelluckom.com/posts/isolation_proposal_001.html
#
[raph_l]
When you say "really don't want to write any UI code" does that mean "don't want any UI code" or "UI code is ok as long as someone else writes it"?
#
jacky
as long as someone else writes it
#
jacky
like I want to (ideally) out-source the consent screen
#
jacky
what is consent screen
#
Loqi
consent screen is the page you see during an OAuth flow that asks whether you want to allow the application you're logging in to to be able to access the data it's requesting https://indieweb.org/consent_screen
#
jacky
I think I can get around this by providing another endpoint that has a Micropub-esque API to do the R & U of CRUD against incoming requests
#
jacky
the 'tricky' bit here is a bit ironic: how to secure _that_ endpoint