#dev 2021-09-30

2021-09-30 UTC
hendursaga, mambang[m], akevinhuang2, maxwelljoslyn[d], [chrisaldrich], hendursa1, neocow, tetov-irc and shoesNsocks joined the channel
# 12:20 
GWG capjamesg[d]: At HWC, petermolnar mentioned the  opensearch description format. Are you familiar?
# 12:20 
petermolnar I has been summoned: https://petermolnar.net/opensearch.xml
# 12:20 
petermolnar but praise aaronpk for that, I copied most of his stuff
# 12:21 
petermolnar plus `<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml <view-source:https://petermolnar.net/opensearch.xml>" title="petermolnar.net">` in the html meta
# 12:23 
petermolnar oh, right: GWG, in theory, adding &json to my search, like https://petermolnar.net/search.php?qsub=search&q=indieweb&json results in a wordpress-compatible json blob.
# 12:24 
GWG petermolnar: I am giving you credit for reminding me that existed.
# 12:24 
GWG I forgot about it
# 12:24 
GWG But I thought it would interest capjamesg[d]
akevinhuang joined the channel
# 12:53 
capjamesg[d] Thanks GWG! It is indeed. A few people suggested I add OpenSearch to the IndieWeb engine so I did. But I sort of wish there was more documentation around it.
# 12:53 
capjamesg[d] GWG++
# 12:53 
Loqi GWG has 13 karma in this channel over the last year (100 in all channels)
# 12:54 
capjamesg[d] petermolnar I am experimenting with JSON results for IndieWeb search too:  https://indieweb-search.jamesg.blog/results?query=Hidden+gem&serp_as_json=results_page
# 12:54 
capjamesg[d] I haven’t decided whether to include full HTML yet.
# 12:55 
capjamesg[d] If I did it would basically give anyone the ability to build cool extensions which I think is nice.
# 13:21 
capjamesg[d] Does JSON Feed have a Python parser? https://www.jsonfeed.org/code/
# 13:22 
capjamesg[d] Silly question. Ignore that 🙂
# 17:45 
aaronpk 2 down 1 to go
# 17:47 
aaronpk progress...
# 17:48 
aaronpk home page is back
# 17:53 
aaronpk last machine... i don't see the X3 cert on it but it's still failing
# 18:00 
@fluffy ↩️ I'd love if Mastodon had more active support for #IndieWeb protocols. Supporting IndieAuth as a login server, for example, and TicketAuth to allow friends-only content feeds. Also h-feed or better Atom support. (twitter.com/_/status/1443635648741535744)
[fluffy] joined the channel
# 18:06 
[fluffy] This X1 to X3 change seems to have caught a lot of the Internet by surprise. I'm lucky that all that broke for me was the cert chain on my dovecot server (which was because I was accidentally using `cert.pem` instead of `fullchain.pem`).
# 18:07 
[fluffy] Which, incidentally, seems to be the correct fix for a lot of servers, just making sure you're using the full chain instead of the single cert.
# 18:07 
[fluffy] and also doing a forced renewal if necessary
# 18:07 
aaronpk my problem is on the client side not the server side
# 18:07 
benatkin If an IndieAuth client for something needing high security required the Authorization Endpoint Link to be in the header rather than HTML, would it still be considered an IndieAuth client? How about if a <link> was in the head? Maybe show a warning instead? HTML is more often user editable than headers
# 18:08 
[fluffy] Such a mess though 😞
# 18:08 
aaronpk i don't understand, the X3 cert is *not* on this machine anymore but curl is still failing
# 18:09 
aaronpk removing it worked on 2 of the other machines
# 18:09 
aaronpk also weird, wget works on this machine that curl is failing on
# 18:17 
aaronpk i'm giving up on it, i think things are working again even tho command line curl doesn't
[tantek]1 joined the channel
# 18:40 
[tantek]1 like, security is only as good as it is usable & maintainable
[KevinMarks]1 joined the channel
# 18:41 
[tantek] seems like one of those odd security vs. reliability compromises
voxpelli joined the channel
# 18:42 
capjamesg[d] It’s just a shame that in the cases of aged certificates you never know what could go down.
# 18:42 
capjamesg[d] I read about an expired certificate that impacted businesses like Stripe earlier this year.
# 18:44 
capjamesg[d] https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
# 18:48 
capjamesg[d] Can etag HTTP headers be used to check if content is the same on more than just RSS feeds?
# 18:49 
[snarfed] different failure modes. they can overlap, but neither is a superset of the other. eg for some people, down/broken is preferable to compromised
# 18:49 
[snarfed] regardless, agreed! like any feature, security adds complexity, maintenance burden, etc. we can have both security and maintainability, it just takes work
# 18:50 
[snarfed] (not a great framing, security isn't really a feature, but no matter)
# 18:50 
[snarfed] tantek++ for consistently raising awareness that security and privacy aren't free and have costs!
# 18:50 
Loqi tantek has 20 karma in this channel over the last year (60 in all channels)
# 18:51 
[tantek]1 rather, my point is more of a behavioral one, that unmaintainable security is in practice no security at all, because users care more about things mostly working and somewhat secure than about having things barely/rarely working and very secure
# 18:52 
[tantek]1 common users that is. obv there are large sets of users that very much want failure instead of security compromise
# 18:52 
[snarfed] ah, sure!
# 18:52 
[tantek]1 SMS is a good example of this
# 18:53 
[snarfed] both points are good, security has to be usable/maintainable, and it's a spectrum, adding _some_ security (for some cost) can be worthwhile even if it's imperfect
# 18:53 
[tantek]1 totally. big believer in defense in depth 🙂
# 18:54 
[tantek]1 (aside, no karma while Loqi subject to aforementioned breakage in functionality due to no fault to Loqi in particular)
# 18:55 
[tantek]1 on another topic, FYI [KevinMarks] KartikPrabhu [chrisaldrich] and anyone else into "annotations" https://groups.google.com/a/mozilla.org/g/dev-platform/c/NXvLZHeIqQw/m/PbGve3rRAwAJ (note my reply in thread directing folks here 🙂 )
hendursaga joined the channel
# 19:17 
GWG [fluffy]: Re ticket Auth...are we ready to start recommending it?
# 19:22 
[tantek]1 Wow this is some table (Hypothes.is Historical Survey of Annotation Efforts) : https://docs.google.com/spreadsheets/d/1f86L7vgHUW9wSLNNSunhjmtxtg6KlCOVpHGKbqUzW-Y/edit#gid=0
# 19:22 
[tantek]1 That deserves to be Wikipediafied
IWSlackGateway, akevinhuang2, tantek, lahacker[d], barryf[d], kimberlyhirsh[d], maxwelljoslyn[d], tracydurnell[d], Murray[d], Ramon[d], aaronpk[d], grantcodes[d], corenominal[d], Jordy[d], Nezteb9000[d], hoenir, jeremycherfas, indieweb-irc-bri, cadeyrn[d], Zegnat[d], capjamesg[d], sayanarijit[d], wackycity[d], alex11, [aaronpk], [jeremycherfas], [tantek], [KevinMarks], petermolnar, superkuh, tetov-irc and Seirdy joined the channel
# 23:06 
mackeveli_ Lemmy, an open-source, federated link aggregator recently [added Webmention support](https://github.com/LemmyNet/lemmy/issues/1395). I thought that was pretty neat
# 23:06 
Loqi [chrysn] #1395 Send webmentions
[tw2113_Slack_] joined the channel