#dev 2021-09-14

2021-09-14 UTC
jeremycherfas, maxwelljoslyn[d], sebbu and [tw2113_Slack_] joined the channel
#
[schmarty] I was having trouble with glitch.com earlier today as well ☹
#
capjamesg[d] [KevinMarks] Indeed. I am likely going to treat them as what one would call a "backlink" right now, acknowledging that not all sites in the engine support sending likes.
#
capjamesg[d] Good tip [KevinMarks]++
#
Loqi [KevinMarks] has 16 karma in this channel over the last year (45 in all channels)
hendursa1 and tetov-irc joined the channel
#
capjamesg[d] Does anyone know how to implement multithreading in Python? I have a few questions.
#
sknebel sure, ask
#
@jamesvandyne Why did I wait this long to add a turbo-frame for webmention approval? So much nicer. #IndieWeb #Tanzawa (twitter.com/_/status/1437733597662744577)
#
capjamesg[d] sknebel I want to run my web crawler across multiple threads. concurrent.futures is working well (it doesn't crash, it's super fast, is indexing content) but I don't know how to add another job to work on after all initial jobs are complete.
#
capjamesg[d] So I can crawl the URLs in a sitemap but every time I want to schedule a new future for a URL that was just discovered, nothing seems to happen.
#
capjamesg[d] Happy to share my code if it helps sknebel.
#
capjamesg[d] If you have any tips on adding a queue to any multithreading tool in python (doesn't necessarily have to be concurrent.futures) that would be great.
#
sknebel hm, you should be able to just submit new tasks to the running executor
#
capjamesg[d] https://gist.github.com/capjamesg/6c4185303cec9e8af1af8d6f347306e8
#
capjamesg[d] [edit] https://gist.github.com/capjamesg/6c4185303cec9e8af1af8d6f347306e8
#
capjamesg[d] That's what I thought too. But something seems to fail.
#
capjamesg[d] print("{} not indexed, added".format(item)) runs so I know that new URLs are added but after the initial jobs the new ones that were supposed to be run don't run.
#
sknebel hm, looks good on first glance
#
sknebel will take a deeper look this evening
#
capjamesg[d] Much appreciated!
#
[jacky] Does anyone do some sort of 'verification' of the use of incoming tokens based on things like their host, IP, etc?
#
[jacky] (IndieAuth question ^)
#
[jacky] I'm asking because I have a case where I want my site to have tokens to interact with other little things (like my Webmention server or Micropub server) but I'm not sure how to begin that request flow or hint to the IndieAuth server that it should only expect things to come from certain sources
#
aaronpk I would not recommend doing IP based checking of things, that's what a token is for in the first place
#
[jacky] Hm okay. I guess I'm being slightly paranoid then - to assume that someone else from a different IP has the token would be enough to assume it to be compromised
#
aaronpk Yea it's usually safe enough to assume your own backend components can protect an api key they are storing
#
aaronpk if you're really paranoid you can use public-private key authentication of some sort instead of shared secrets but it's a bit more complicated
#
[jacky] Hm yeah, that'd be nudging it a bit into extreme mode (like who should help with issuing? is it more of a TOFU-esque approach? etc)
#
[jacky] ty!
#
sknebel [jacky]: if you want to do that, I'd treat it as a setting assocated with the token
#
sknebel things like that sound like explicitly manually setup tokens anyways
#
[jacky] true
#
[jacky] I have space in my table for tokens to do that
#
[jacky] but I'll give it a bit more though
#
[jacky] *thought
#
sknebel (i.e. tokens that don't expire etc - you could attach just a field for other restrictions to them and then add IP or whatever limits)
#
[jacky] Yeah, though, I think I'm going to drop the IP requirements and make it into a hostname thing mainly because I know it'll be very likely to change
#
sknebel that's very much down to how you do your infrastructure, yeah
#
GWG [jacky]: I store extra info on token usage, such as last IP accessed, but don't verify much
#
GWG [jacky]: Do you want to limit tokens to certain resources?
#
GWG Like https://github.com/indieweb/indieauth/issues/82
#
Loqi [dshanske] #82 Adopt Resource Indicators or similar system to limit token access to resources
#
[jacky] Yeah actually, that _should_ work this in this case (in a hacky way)
#
GWG [jacky]: If you implement it or think about it, comment on the issue?
#
[jacky] I'll make a note to do so
shoesNsocks and hendursaga joined the channel
#
GWG [jacky]: This is why we had more IndieAuth popups than anything else....lots to discuss
#
[tantek] what is travisci
#
Loqi TravisCI is a SaaS company that allows developers to have Continuous Integration and Delivery for their GitHub projects at https://travis-ci.org https://indieweb.org/TravisCI
#
[tantek] huh, no IndieWeb examples. I guess that's good? because ...
#
[tantek] TravisCI << Ooops: https://twitter.com/peter_szilagyi/status/1437646118700175360
#
@peter_szilagyi Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens. Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4 https://travis-ci.community/t/security-bulletin/12081 (twitter.com/_/status/1437646118700175360)
#
Loqi ok, I added "Ooops: https://twitter.com/peter_szilagyi/status/1437646118700175360" to the "See Also" section of /TravisCI https://indieweb.org/wiki/index.php?diff=76964&oldid=32650
#
[tantek] ^ if anyone is using TravisCI on their own public repo projects, you might want to read up on that
#
aaronpk omg
#
aaronpk i stopped using it when they shut down the .org and moved everyone over to the .com
#
capjamesg[d] That's a big "Ooops" [tantek]
#
GWG What is everyone working on today?
#
Loqi It looks like we don't have a page for "everyone working on today" yet. Would you like to create it? (Or just say "everyone working on today is ____", a sentence describing the term)
#
[tantek] that would be a great page to have with live updates / feeds from everyone's /now pages?
#
[tantek] s/?/!
#
aaronpk i've been wanting a feature in aperture to enable this kind ofthing, where you can configure a particular channel to show only the latest post from each subscription
rockorager joined the channel
#
[aciccarello] Bring back facebook statuses 😉
#
[tantek] I mean really in list form that would be AIM statuses 🙂
#
npd[m] omg yes I so want AIM statuses of my friends again
#
capjamesg[d] npd[m] I never had them but I'd love them 😄
#
capjamesg[d] Although I wouldn't want to advertise my status to everyone on my site.
#
capjamesg[d] I don't think most people would care about "James is working" or "James is sleeping" or "James is chatting away in Discord" but some people would 😄
#
[tantek] capjamesg[d] I feel like we've seen some folks do that as part of their h-card
#
capjamesg[d] What is status?
#
Loqi status is typically short for status update, though may also refer to the use of post status in Micropub, or indicating whether an event is cancelled or has some other event status https://indieweb.org/status
#
capjamesg[d] I think rhiaro does it.
#
[KevinMarks] wasn't that the original twitter idea?
#
[tantek] except they never presented it as such
#
[tantek] rather than present a list of people with status next to each person, Twitter presented a list of statuses with person next to each status
#
[KevinMarks] https://twitter.com/Twitter/status/1042104058507653121?s=20
#
@Twitter .@jack’s very first drawing of us back in 2005. Love ya, Dad! https://pbs.twimg.com/media/DnZMHbeX0AANo2t.jpg (twitter.com/_/status/1042104058507653121)
#
[tantek] yes the UX to create was similar, but not the UI to view
#
GWG Google Chat has aim like statuses
#
[chrisaldrich] How much better the world might be if only he'd followed a more design oriented path with those curlicues instead of quadrupling down surveillance capitalism...
#
[aciccarello] Github added statuses but I've never used the feature
#
[tantek] I've seen people using GH statuses for pronouns
#
[fluffy] Discord also has AIM-style statuses
tetov-irc, hendursaga and sayanarijit[d] joined the channel