#dev 2021-11-23

2021-11-23 UTC
tetov-irc, chenghiz_, nertzy__, shoesNsocks, KartikPrabhu, [tw2113_Slack_] and nertzy joined the channel
#
HarryCoburn[m] If you're not handling sensitive data and you don't care about ranking on Google, do you think it's worth the hassle to add encryption to your site?
#
Ruxton yes
#
Ruxton because logging in is "sensitive"
#
Ruxton accepting users details is "sensitive" in some countries
#
Ruxton it shouldn't be a hassle at all
#
HarryCoburn[m] I'm not quite that far yet to accept other user's details and logging in, or if I want that, but I'll look into it then.
#
HarryCoburn[m] Another silly question. Do all my pages need to have links to the authorization_endpoint and token_endpoint, or just the main page?
shoesNsocks1 and weiglas joined the channel
#
aaronpk Just the main page
IWSlackGateway5, [KevinMarks] and [schmarty] joined the channel
#
HarryCoburn[m] Thank you!
IWSlackGateway, [KevinMarks], strugee and [tantek] joined the channel
#
[tantek] what is HTTPS
#
Loqi HTTPS is an abbreviation for Hypertext Transfer Protocol Secure, a form of HTTP where the communication is encrypted https://indieweb.org/HTTPS
#
[tantek] re: is it worth the hassle to add (presumably HTTPS) encryption: https://indieweb.org/HTTPS#Why
#
HarryCoburn[m] All fair points.
MAKAYUSNS[d], lagash, [chrisaldrich], jjuran, jeremycherfas, GNTHIV and [chrisbergr] joined the channel
#
[chrisbergr] For european website owners, https is a must if at least analytics, comments or contact form is used - due to the GDPR https://gdpr-info.eu/art-32-gdpr/
kogepan joined the channel
#
petermolnar wat
#
petermolnar https is a *must* comment/contact forms?!
#
petermolnar I don't think that's true based on that link; it only states "appropiate level of security"
#
[chrisbergr] In our day-to-day business at the agency, we constantly have to consult a law firm on the subject of GDPR. Among other things, Article 32 is always referred to when it comes to https.
#
[chrisbergr] As soon as a user can enter data or data is collected automatically, https is required.
#
[chrisbergr] At least that's what the lawyers say, which is really helpful with this monster called GDPR
#
petermolnar I won't argue that is what the lawyers say, but GDPR only applies to PII. If there's nothing, but a comment field - no user, no email, etc - GDPR doesn't even apply, for example.
#
[chrisbergr] A comment field without name and email adress? I think that's unusual, but okay. But it is also regulated that even the IP address is personal data.
tetov-irc joined the channel
#
Murray[d] Seb[d] I don't make my check-ins public (yet), but I post check-ins fairly frequently and have never used Swarm or OYS, so some of us do exist 🙂 I use my CMS pretty universally, including for check-ins. Actual location data is pulled from OpenStreetMap via a plugin.
grantcodes[d] and shoesNsocks joined the channel
#
Seb[d] Murray[d] nice! Do you have any microformats markup on them then? (Assuming not, since you say they aren't public, but still curious)
[jacky], schmudde and alex11 joined the channel
#
Murray[d] I do not, no 😅 I'm not really sure what the use case would be for microformats on a check-in? If I ever do make them live I'll likely provide a minimum level of information (lat/long, datetime, and my h-card) just in case I tag anyone else, but haven't given it too much though
#
Murray[d] thought*
#
aaronpk What's the use case of any microformats? So other people can parse the posts, whether for subscribing in a reader or showing reply context etc
#
Murray[d] Yes, but I'm not sure that I would really want either of those things to happen. A check-in will never be a reply (for my purposes); it may be a mention, so providing the info that people tend to like for webmentions could be useful. And I don't think I'd ever want anyone to subscribe to my check-ins, nor do I want to effectively provide an immediate API to that data.
KartikPrabhu and akevinhuang joined the channel
#
aaronpk Reply context is when other people show a preview of your post when *they* reply
#
aaronpk but yeah if you never expect to make them public or even visible to anyone else then there's probably no need
#
Murray[d] I do intend to make them public, just haven't spent much time thinking about what that would look like 🙂 Reply context is a valid reason; I guess I "reply" in a slightly less social-media like way, so I forget about microformats as a sort of "preview", but fair point
schmudde and lagash joined the channel
#
Seb[d] Mf2-based feed readers might be one last use case.
#
Seb[d] But yea, if they are not public then the markup is less important. Just asking because my first point was about the markup of checkins specificly :)
[manton] joined the channel
#
[manton] Anyone have tips for debugging ActivityPub? I’ve noticed that follow requests from Mastodon → my server seem to be getting 500 errors. No obvious errors on my side, though, and checking WebFinger and whatnot manually look fine. The test suite also looks offline now.
#
aaronpk only way i've found to successfully debug stuff like that is either setting up your own mastodon server to look at the logs or find someone who's running one who can look at their logs
#
[manton] Sometimes the 500 error is a 503 (SSL cert can’t be verified), which also seems odd.
#
[manton] [aaronpk] Thanks. Hoping to avoid installing myself, but would be useful I guess.
#
[manton] Actually I’m seeing 503s just between 2 different Mastodon servers. So maybe it’s not my problem.
Guest6 and kogepan_ joined the channel
#
[manton] Figured it out. Really dislike WebFinger.
#
aaronpk what was it? did something change?
ranuzz joined the channel
#
[manton] Not totally sure… I think it was mostly my bug. I noticed there were some WebFinger requests that didn’t have an “Accept” header, and I had a bug that would throw an error in that case… When I fixed that, I accidentally introduced _another_ bug in my code where the “acct” URI wasn’t correct. All working well now.
#
[manton] I think Mastodon’s “503 SSL” error is a red herring. Probably just happens whenever the hostname or account URL doesn’t match up with what it expects.
schmudde, ranuzz, digivonity and [snarfed] joined the channel
#
[snarfed] glad you found it! agreed, debugging AP can be a pain, and it can definitely be finicky about the Accept header
voxpelli and ranuzz joined the channel
#
[tantek] aaronpk, this one is for you: https://twitter.com/GalacticFurball/status/1462924780873519104
#
@GalacticFurball @scanlime oauth, but for zoomers (twitter.com/_/status/1462924780873519104)
#
[tantek] (also that Twitter displayname and account 😂 )
#
capjamesg[d] I loved the meme image.
#
capjamesg[d] https://twitter.com/thumperward/status/1463045895436570624
#
@thumperward @scanlime @GalacticFurball https://pbs.twimg.com/media/FE3Ie8zXIAYwwOP.png (twitter.com/_/status/1463045895436570624)
#
aaronpk oh gosh
#
aaronpk wait that quoted tweet is not sarcastic
#
aaronpk https://twitter.com/scanlime/status/1462924211907792903 true tho
#
@scanlime @dystopiabreaker why do you need to create a central system to help everyone decentralize the thing we've been doing without central authority since the very early days of the internet (twitter.com/_/status/1462924211907792903)
feoh, schmudde and ranuzz joined the channel
#
[tantek] what is a Shortcut
#
Loqi It looks like we don't have a page for "Shortcut" yet. Would you like to create it? (Or just say "Shortcut is ____", a sentence describing the term)
#
[tantek] what are Shortcuts
#
Loqi Shortcuts is an iOS app formerly known as Workflow used to automate various actions https://indieweb.org/Shortcuts
ranuzz joined the channel
#
capjamesg[d] If there is an SDK then it might be pretty easy for a mobile app to benefit from the native iOS OCR.
#
[KevinMarks] Google has an ocr api as a cloud service
#
aaronpk that is the opposite of what i want 😂
#
capjamesg[d] 😂
ranuzz, Seirdy and tetov-irc joined the channel