#dev 2022-08-03

2022-08-03 UTC
#
[snarfed] local network HTTP has plenty of prior art, local hostnames work without needing DNS for TLDs, and mDNS/Bonjour etc are well established and and adopted and work pretty well
#
[snarfed] for WAN though, I still wonder whether we need any of this. seems like just encouraging finite number/duration of retries, with backoff, would be enough for most use cases
#
[snarfed] (including retrying webmention discovery! not sure there's much value in putting wm endpoints into DNS if the endpoint itself is often co-located and is likely also down)
#
[snarfed] https://indieweb.org/Webmention-brainstorming#retrying.2Ferror_handling has a very small start on this, maybe we expand it into a top-level /retries page or similar
gxt___ joined the channel
#
[tantek] snarfed, beyond "just" local network HTTP, my point was trying to bridge trust from CAs (gained while WAN connected), into local network scenarios
gRegorLove_ joined the channel
#
[snarfed] true! if we ever wanted to seriously try indieweb over LAN (etc), it would have a number of open questions like that. I think they'd be pretty different from the intermittent WAN connectivity scenario though
#
[snarfed] some overlap, sure, but not a lot
geoffo and [tw2113_Slack_] joined the channel
#
[KevinMarks] Does dyndns have a case for this?
petermolnar, gRegorLove__ and gRegor joined the channel
#
AramZ-S[m] This is a dynamic IP issue for sure, dyndns or noip.com both seem to have use cases
#
AramZ-S[m] What is Dynamic IP?
#
Loqi It looks like we don't have a page for "Dynamic IP" yet. Would you like to create it? (Or just say "Dynamic IP is ____", a sentence describing the term)
#
AramZ-S[m] Dynamic IP is the mapping of a web-facing URL to a non-permanent IP address that can change over time like a home computer or portable device.
#
Loqi ok
#
AramZ-S[m] Dynamic IP << https://www.noip.com
#
Loqi ok, I added "https://www.noip.com" to a brand new "See Also" section of /Dynamic_IP https://indieweb.org/wiki/index.php?diff=82575&oldid=82574
geoffo joined the channel
#
AramZ-S[m] Dynamic IP << https://help.dyn.com/remote-access/getting-started-with-remote-access/
#
Loqi ok, I added "https://help.dyn.com/remote-access/getting-started-with-remote-access/" to the "See Also" section of /Dynamic_IP https://indieweb.org/wiki/index.php?diff=82576&oldid=82575
#
AramZ-S[m] Dynamic DNS << https://indieweb.org/Dynamic_DNS
#
Loqi ok, I added "https://indieweb.org/Dynamic_DNS" to a new "See Also" section of /Dynamic_DNS https://indieweb.org/wiki/index.php?diff=82577&oldid=69502
#
AramZ-S[m] That's likely not the best description for that page, I really need to get my indie auth working.
#
AramZ-S[m] Ooops wrong copy paste >.<
#
AramZ-S[m] Dynamic IP << https://indieweb.org/Dynamic_DNS
#
Loqi ok, I added "https://indieweb.org/Dynamic_DNS" to the "See Also" section of /Dynamic_IP https://indieweb.org/wiki/index.php?diff=82578&oldid=82576
#
AramZ-S[m] Dynamic DNS << https://indieweb.org/Dynamic_IP
#
Loqi ok, I added "https://indieweb.org/Dynamic_IP" to the "See Also" section of /Dynamic_DNS https://indieweb.org/wiki/index.php?diff=82579&oldid=82577
gxt___, [jeremycherfas] and geoffo joined the channel
#
petermolnar re: sleeping websites, I wasn't just thinking of webmentions, but yes, that is one of the use cases; I was also, and more importantly, thinking of displaying friendlier errors to users.
gerben, joshproehl, walkah and tetov-irc joined the channel
#
IWDiscordGateway <capjamesg> Is there a service to map h-feed to RSS / JSON Feed? I want to remove my feed composition code from my static site generator but still want to preserve these feed types.
geoffo joined the channel
#
jeremycherfas Unmung.com does feed into h-feed, which is no help. Granary?
#
sknebel granary, yes
#
capjamesg_ Thanks jeremycherfas sknebel!
nertzy, gxt___, AramZS, jacky, gRegorLove_ and [snarfed] joined the channel
#
[tantek] heads-up, check your repos: https://twitter.com/stephenlacy/status/1554697077430505473
#
@stephenlacy I am uncovering what seems to be a massive widespread malware attack on @github. - Currently over 35k repositories are infected - So far found in projects including: crypto, golang, python, js, bash, docker, k8s - It is added to npm scripts, docker images and install docs https://pbs.twimg.com/media/FZNhPItUsAM5sIY.png (twitter.com/_/status/1554697077430505473)
#
[tantek] (thread)
#
[tantek] wow: https://github.com/search?q=myjino&type=Code
#
[KevinMarks] https://twitter.com/GitHubSecurity/status/1554843443200806913?t=Bs_6Rma2gn_F5p3xgVuqHQ&s=19
#
@GitHubSecurity GitHub is investigating the Tweet published Wed, Aug. 3, 2022: * No repositories were compromised * Malicious code was posted to cloned repositories, not the repositories themselves * The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts (twitter.com/_/status/1554843443200806913)
#
sknebel yeah, this seems to be kind of overblown in some places
#
aaronpk Yeah that first tweet makes it sound way worse than it is
[manton] joined the channel
#
[manton] Nice quick response by GitHub.
#
[tantek] somewhat? I mean https://github.com/search?q=.myjino.ru&type=Code still has lots (20k+ code) results, including blocklists with many more subdomains of that .ru domain than just the one in the tweet thread
#
[tantek] btw, is this a silo advantage or disadvantage? disadvantage because GH is a bigger target, advantage because GH was able to "clean-up" repos on behalf of people
#
[manton] Yeah, it’s say a little of both. There is also a parallel problem of developers becoming too relaxed about having many dependencies and (sometimes) not even knowing what or where the dependencies are. I think I worry about that more than GitHub as a silo.
#
@oldaily Indiewebify me! And don't forget my webmentions! #oldaily https://www.downes.ca/post/74004 (twitter.com/_/status/1554861355118874626)
#
aaronpk ☝️
#
[tantek] 😂 "Looks like a nice new seat pattern for the Berlin public transport agency"
#
[tantek] aaronpk: I know this made you cringe: "There are different services, but IndieAuth.com seems to be the go to solution."
#
aaronpk oh no
#
[tantek] just saying, that's apparently where all the docs still lead a new person
#
[tantek] "there is *no out-of-the-box solution* for making your website ready for the IndieWeb" <-- what's missing for considering micro.blog an "*out-of-the-box solution*"?
#
[tantek] also that's a bit of a half-empty statement for a blog post about the relatively quick success of making your *Hugo* website ready for the IndieWeb
#
aaronpk maybe any mention of indieweb on the micro.blog home page? :)
#
[tantek] aaronpk, maybe? it could also be a specific page for folks that come to micro .blog looking to get setup on the IndieWeb
#
aaronpk is there any clue about how they found the indieweb? maybe whatever path that was should mention micro.blog better
#
[tantek] yeah that would be worth exploring
#
[tantek] I mean this is also part of the goal of the three column layout we've been talking about (and would be good to actually get a draft of which might require some in-person diagramming / hacking)
#
[tantek] what is Hugo
#
Loqi Hugo is a static site generator written in Go https://indieweb.org/Hugo
#
aaronpk although, it seems like that person was already set on using Hugo, so micro.blog wasn't really in the running anyway
#
[tantek] Hugo << Step-by-step instructions & examples to IndieWebify your Hugo site: 2022-07-22: [https://chringel.dev/2022/07/indiewebify-me-and-dont-forget-my-webmentions/ Indiewebify me! And don't forget my webmentions!]
#
Loqi ok, I added "Step-by-step instructions & examples to IndieWebify your Hugo site: 2022-07-22: [https://chringel.dev/2022/07/indiewebify-me-and-dont-forget-my-webmentions/ Indiewebify me! And don't forget my webmentions!]" to the "See Also" section of /Hugo https://indieweb.org/wiki/index.php?diff=82580&oldid=81720
#
[tantek] aaronpk, precisely the reason for the three paths. EITHER you're looking for an "*out-of-the-box solution*" (micro.blog), OR you're "popular CMS with UI" person (WordPress), OR you're a developer (SSG, DIY, etc.)
#
[tantek] (1) out of the box, (2) CMS with UI, (3) CMS with command line (or DIY).
#
[manton] Mentioning the IndieWeb on the Micro.blog home page… Yikes, that is a big oversight. Our web page needs a larger update but I could do that as a quick fix.
#
[tantek] That would be great [manton]!
#
[tantek] I don't know what % of folks come to micro.blog looking to "join the IndieWeb" but hopefully it's a large enough % that such a mention is more helpful than a distraction
#
[manton] It can’t hurt. Hopefully will also help more people become aware of the IndieWeb.
#
[tantek] 🙏
#
aaronpk yeah i definitely wouldn't expect it to be a big callout on the micro.blog home page, but at least someone looking for "is this going to get me on the indieweb" should be able to find some sort of confirmation of that!
#
[manton] Agreed.
#
[tantek] Another positive thing from this article is that the combination of IndieWebify.me and the [IndieMark] "Levels" helped provide a roadmap of sorts that gave a relatively direct path to follow, a sense of achievement ("*Level 2 IndieWeb citizen*"), and a clear idea of next steps: "What I’m currently missing is a way of having IndieWeb conversations (IndieWeb level 3, according to IndieWebify.me)"
jacky joined the channel
#
[tantek] for all the folks here have been critical about IndieMark or having explicit levels, I wanted to point out that, *even to a developer*, it was helpful to have specific guidance and an particular opinion of ordering of features
#
[tantek] a* particular opinion
#
[tantek] also points out that IndieMark levels are most effective when actually implemented in a validator / live site evaluator like IndieWebify.me
#
[tantek] and that the label "IndieMark" (unmentioned in the post, which is fine) is much less important than the concept of "levels", no matter what they're called
mlncn and [Jamie_Tanna] joined the channel
#
[Jamie_Tanna] Capjamesg you may also be able to use granary.io?
jacky joined the channel
#
[Jamie_Tanna] Soz missed that someone had already mentioned it 🙃
jacky joined the channel
#
[schmarty] re: that blog post - micro.blog is built on Hugo and you can write your own custom themes in Hugo so it is in many ways a turnkey Hugo hosting service as well!
geoffo joined the channel
#
@1uigi Yo but for websites https://webmention.net (twitter.com/_/status/1554888777755246593)
#
aaronpk lol
jacky joined the channel
#
sknebel lol
#
IWDiscordGateway <capjamesg> u-yo-of is the yo for websites.
#
IWDiscordGateway <capjamesg> What is yo?
#
IWDiscordGateway <capjamesg> https://indieweb.org/Yo
lanodan, cjw6k and [joe088] joined the channel
#
[joe088] [aaronpk] Is there an issue with aperture.p3k.io currently? Maybe Watchtower? Been trying to add some feeds but a lot of them show 0 entries despite posts as of yesterday. The feeds show fine in the Monocle previewer, though.
#
aaronpk Hmm could be
#
[joe088] I wondered if it was related to this: https://github.com/aaronpk/Aperture/issues/105
#
Loqi [martymcguire] #105 Handle errors creating Watchtower subscriptions
#
[joe088] I may spin up my own server for it and find out if it's just my feeds or if it's something else. But wanted to check if there was something obvious before I head down that road.
jacky, tetov-irc and angelo joined the channel
#
[snarfed] regular reminder that the internet is the wild west, here are a couple views of an ongoing automated fuzzing attack on Bridgy. happens a couple times a month or so these days. https://snarfed.org/fuzz_requests.png , https://snarfed.org/fuzz_logs.png
#
[snarfed] I don't actually mind, especially if they report any vulnerabilities they find, https://brid.gy/about#vulnerability . usually they're pretty unsophisticated though, eg indiscriminately trying common vulnerabilities in wordpress plugins or similar