#dev 2021-04-27

2021-04-27 UTC
timculverhouse, Seirdy, [Rose], [tantek], Paul[m]5, [chrisaldrich] and IWSlackGateway joined the channel
#
aaronpk anomalily sent me this https://stylestage.dev/styles/
#
jacky interesting note re: new HTTP Method https://httptoolkit.tech/blog/http-search-method/
#
jacky aaronpk: oh that's cool
Seirdy, [tw2113_Slack_], [chrisaldrich] and jacky joined the channel
#
@BiswasSholanki Webmentions in Ghost and the challenges that I faced and still ongoing. My take on it in @hashnode #programming https://shobiz.hashnode.dev/webmentions-in-ghost-and-the-challenges-that-i-faced (twitter.com/_/status/1386937046468419584)
[pfefferle] joined the channel
#
@tomlarkworthy ↩️ Note these are IndieAuth tokens, a decentralised identity, so they could be used with any independent service provider that accepts indieweb login, so @appwrite_io could use these tokens if they wanted (just ignore the OIDC fields). (twitter.com/_/status/1386949028185878528)
__minoru__shirae and [tantek] joined the channel
#
@tomlarkworthy ↩️ Might well be possible.... https://github.com/appwrite/appwrite/issues/410#issue-638203763 ideally it would do IndieAuth itself, but a secondary option is to reuse a federated one (http://IndieAuth.com or mine) as an oauth 2 identity provider. (twitter.com/_/status/1386952944306774017)
loicm joined the channel
#
@eldadfux ↩️ Hey Tom, Is http://IndieAuth.com fully compatible with OAuth2? If yes, adding it to Appwrite should be very easy :) (twitter.com/_/status/1386954536632336385)
#
@tomlarkworthy ↩️ Yes, if reusing an indieauth server its additional constraints over oauth 2.0 (client id is URL and must match redirect Uri, Public clients only, pkce). The IndieAuth server impl tho is additional way to dynamically discover user supplied oauth endpoints from an identity url (twitter.com/_/status/1386957307431596032)
__minoru__shirae and [KevinMarks] joined the channel
#
[KevinMarks] Sounds useful https://twitter.com/mikewest/status/1386932250391023619?s=20
#
@mikewest HTML sanitizers are critical to web applications, mitigating the risk of XSS when working with untrusted strings. The HTML Sanitizer API is a work-in-progress (behind a flag in Chrome and Firefox) that shifts responsibility for this task to the browser: https://wicg.github.io/sanitizer-api/ (twitter.com/_/status/1386932250391023619)
tomlarkworthy, [pfefferle], [grantcodes], timculverhouse, shoesNsocks, barnabywalters, loicm, [kimberlyhirsh], [jgmac1106], Balba, [tantek], [aciccarello], [KevinMarks] and [chrisaldrich] joined the channel
#
@ChrisAldrich ↩️ I've wanted to try out Ghost, but this part has been a blocker. https://indieweb.org/webmention.js might be a place to look for some inspiration. I'd invite you to join us for this upcoming event which will certainly touch on your topic: https://events.indieweb.org/2021/05/webmentions-beyond-webmention-io-zG4JpHhZShVA (twitter.com/_/status/1387084741657178115)
[tw2113_Slack_] and [schmarty] joined the channel
#
@dev_nikema Webmentions – let’s go! https://nikemaprophet.com/webmentions-lets-go/?utm_source=ReviveOldPost&utm_medium=social&utm_campaign=ReviveOldPost (twitter.com/_/status/1387101793642033155)
KartikPrabhu, tomlarkworthy, leo60228, nertzy, fredcy_, astrojl_matrix, jamietanna[m], [chrisaldrich] and shoesNsocks1 joined the channel
#
jacky does anyone have an idea of how many times their tokens on their site are verified? curious about some concept of 'benchmarking' for every-day use (whatever that might mean to a person)
#
petermolnar is there a nice way to make a browser, that doesn't support svg fall back to, say, png?
#
petermolnar (eg. obscure browsers, like dillo)
#
[schmarty] does it support <picture> ? 🤔
#
jacky outside of using JavaScript? I don't know
#
jacky yeah that's the other option
#
jacky granted, if you know the dimensions, you can render a minimum size for the svg and use the png as a background
minoru_shiraeesh joined the channel
#
petermolnar dillo is html 4.01 :)
#
petermolnar so no picture, no
#
@chrisfinazzo Testing Webmentions (twitter.com/_/status/1387129186729529346)
[KevinMarks], shoesNsocks, KartikPrabhu and [aciccarello] joined the channel
#
[schmarty] dang i am not sure how to debug this issue with https://kapowski.schmarty.net/ - i have it set up as a custom domain on glitch, and my DNS looks correct, so this seems like something on their side. but i have no visibility into it.
#
[schmarty] i've never seen an SSL error like this. firefox calls it "SSL_ERROR_ACCESS_DENIED_ALERT". curl is like: curl: (35) error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
#
[schmarty] i'm just an old man. shaking my fist at a cloud. asking it to please work.
#
aaronpk tlsv1?
#
aaronpk is glitch using an old version of tls?
#
jacky possibly lol
#
jacky like it was fixed to tls1.1 (I remember this so vividly because I wanted it to work with my domain name but that and HSTS led to a weird issue)
[snarfed] joined the channel
#
[snarfed] sounds like tls version mismatch
#
[snarfed] yup, `openssl s_client -connect kapowski.schmarty.net:443` complains, but when i add `-tls1` or `-tls1_1`, it’s fine
#
[snarfed] you probably need to tell your server to allow tls1.2
#
[schmarty] It's glitch.com's proxy service server and not mine 😭
#
[snarfed] hmm. are all sites on that proxy service broken in modern browsers then? sounds unlikely, maybe find another and see? if not, it’s probably not tls version
#
[snarfed] https://support.glitch.com/t/restrict-to-tls-1-2-protocol-only/31806/2 is relevant but also confusing, not sure how cloudflare is involved, or how you could configure anything SSL-related in DNS like one person claims
[Rose], dietricha and [tantek] joined the channel
#
@Fox_Marc_yTw Show HN: Federated IndieAuth Server implemented as a notebook https://ift.tt/3gKoInc https://ift.tt/2R13p5S (twitter.com/_/status/1387166530941632524)
[chrisaldrich] joined the channel