#dev 2022-06-20

2022-06-20 UTC
sp1ff joined the channel
# 02:05 
@OwenYoungZh ↩️ 是的，我目前就是用Webmention协议，把mention的json数据定时更新到我的repo，然后渲染。https://www.owenyoung.com/en/blog/indieweb/ ，看了你的文章之后，感觉那个Welcomments理论上可以直接用Github Actions实现，似乎能省掉一个SAAS。Github Actions支持webhook，然后生成一个pull request,这样就有了审核的功能了。 (twitter.com/_/status/1538704107577708546)
geoffo_, kandr3s, BinarySavior, jbove, kleb, vikanezrimaya, chee, kushal, jacky, loi[m], nathan[m]12345, [tantek]1, IWSlackGateway, mambang[m], gxt and [Simon_Gray] joined the channel
# 09:49 
[Simon_Gray] I guess it should do the same...? It would have to make an HTTP HEAD request to every HREF on the linked website, though, and inspect the headers for redirects, which results in N*M complexity.
jacky, mro, tetov-irc, alex11 and vilhalmer joined the channel
# 14:38 
Zegnat Also note that, at some point in time at least, Twitter required specific User Agent headers or it would not even return a redirect header. It used to just to JavaScript and HTML meta-element redirect
geoffo_, jacky, mro, kandr3s, angelo, gRegor, [Simon_Gray]1, tetov-irc2, gRegorLove_, [tantek], [chrisaldrich], tetov-irc and [snarfed] joined the channel
# 22:42 
[snarfed] Hi all! I have a security question. To use the Bridgy browser extension for Instagram and Facebook backfeed, you currently have to IndieAuth your site, log into your FB/IG account, and have your FB/IG profile link to your site.
# 22:42 
[snarfed] Sadly, Facebook recently stopped showing the web site field on profiles on mbasic.facebook.com (the more scrapeable frontend) altogether. https://github.com/snarfed/bridgy/issues/1110
# 22:42 
[snarfed] I remember deliberately choosing to require site link in profile, on top of IndieAuthed domain and logged in silo account, but I can't remember why.
# 22:42 
Loqi [snarfed] #1110 browser extension: mbasic.facebook.com profile no longer has web site
# 22:42 
[snarfed] Bridgy browser extension has a funny threat model in that it scrapes the silo HTML and sends it to Bridgy. So registered users can theoretically fabricate any silo HTML they want and send it.
# 22:42 
[snarfed] Given that, I don't think requiring site link in profile protects against anything, but I still wish I remember why I wanted it before. Any ideas?
# 22:50 
[snarfed] (Other thoughts are welcome too! The one main attack vector I see in this threat model is, someone fabricates a silo reponse and makes Bridgy send it to a site, and that site trusts it more than usual because it's from brid.gy. Relatively low risk. I expect there are others though...?)
gRegor and jacky joined the channel