#[tantek][schmarty] worth adding to the FAQ. "visiting the site at least once" is a web equivalent of "install the app", so yes, in as much as people treat any piece of software as "offline first", you can't use it offline without first installing it 🙂
#[schmarty]glances towards the few pieces of physical software install media in his home
#[tantek]hah. whether you install from physical media or the network, you still have to take that install step. even that "physical software install media" had to traverse the slow network known as the "global supply chain" 🙂
#[schmarty]a network from which one can rarely truly be "offline"
#jackyI'm looking at things I'd want to incorporate into my Webmention submission form to prevent bad links (already restricting it to URLs known to my site for inbound)
#sknebelhm, I feel like rate-limiting that feature would be enough and non-intrusive?
#[tantek]I think the thread model is drive-by manual spamming and other opportunistic attacks, not automated (at least at first)
#jackyyeah actually that's what I'm thinking about (drive-by attacks_
#jackybut I should also make a very clearly defined threat model
[chrisaldrich] joined the channel
#sknebelyeah. i.e. someone plugging in random URLs for fun isnt stopped by doing it in a browser
#sknebelbut also whats the damage. a) resource use b) fetching other stuff b.1) resource use on other sites b.2) your server talks to sites you wouldnt let it talk to?
Saphire joined the channel
#sknebela) and b.1) are not too bad if slowed down enough, b.2) you can't prevent with captcha either