#dev 2023-09-29

2023-09-29 UTC
[schmarty] joined the channel
# 00:51 
[schmarty] aaronpk omg Monocle is all php short tags :zany_face:
# 00:52 
aaronpk ohh
# 00:52 
aaronpk new server new php config
# 00:53 
aaronpk wait tha's weird i didn't move monocle
# 00:53 
aaronpk oh wait you don't mean my instance of it
# 00:53 
[schmarty] haha it's working fine on http://p3k.io. i just started setting up my own and was like "oh no what is wrong with all this leaky php"
# 00:53 
aaronpk haha
# 00:54 
[schmarty] only 167 lines to change let's go :cracks knuckles: :logs out: :closes laptop: :goes to bed early:
# 00:54 
aaronpk or one line of php config :P
# 00:56 
[schmarty] i didn't wanna do it, but i did the php config change
nertzy and AramZS joined the channel
# 03:48 
gRegor embrace the short tag :)
# 04:12 
[tantek] oh is that what is tripping up my PHP 7 -> 8 transition?
# 04:14 
aaronpk it's not really a version difference, but the default setting changed from on to off
# 04:14 
aaronpk at some point a long time ago
gRegorLove_ and gerben joined the channel
# 04:49 
[tantek] well if it was a long time ago then it's unlikely to be the source of 7->8 breakage
[Jo], [jeremycherfas], AramZS, rocto, geoffo and gxt joined the channel
# 15:39 
aaronpk sebbu: OAuth step-up authentication spec https://www.rfc-editor.org/rfc/rfc9470.html
# 15:40 
aaronpk in particular: https://www.rfc-editor.org/rfc/rfc9470.html#name-authentication-requirements
# 15:40 
aaronpk the max_age parameter
# 15:43 
sebbu oh, the first one is why they ask to auth me again on CI sites when i first try to add a private repo
# 15:43 
sebbu (since previously they had only asked for the public repo access)
# 15:44 
sebbu and max_age is probably to prevent accessing it several days later, while not reasking auth for normal operations :)
# 15:44 
sebbu thx
# 15:44 
sebbu aaronpk++
# 15:44 
Loqi aaronpk has 42 karma in this channel over the last year (112 in all channels)
mooff and chenghiz_ joined the channel
# 16:55 
[snarfed] yeah max age/re-authing seems different from adding scopes/permissions that weren't previously granted (sebbu's case here)
# 16:55 
[snarfed] (not sure which is "step-up")
# 17:03 
Soni does anyone feel strongly about shoving feed authentication into username:password@ ?
# 17:35 
sebbu several (if not all) browsers removed protocol://user:pass@domain/
# 17:35 
sebbu only protocol://domain/
# 17:35 
sebbu (well, and the facultative port)
# 17:36 
sebbu i personally quite liked it, it was good for tests of auth, i could just click an invalid auth to log out, then switch account easily
# 17:39 
Soni okay good so we'll reserve it for future use
# 17:41 
Soni (fun fact: we already use username:password@ for web+ap, specifically for tags. a la web+ap://tag:FediLinks@chaos.social/tags/FediLinks )
# 17:42 
Soni (not documented and mostly unsupported but anyway)
# 17:50 
[snarfed] for podcast feeds, you may not really care about browsers, only about the HTTP libs that podcast apps use
# 17:50 
aaronpk user:pass is a dying authentication mechanism in general, i would not build new things with it
# 17:54 
Soni exactly: we're not using it for authentication
# 17:54 
Soni (mostly because activitypub authentication is incompatible with URI-style authentication)
# 17:55 
Soni (so if it's incompatible, we may as well repurpose it for something useful)
# 17:55 
Soni (tags are not an activitypub *object* but they're a widely supported feature. we figured we may as well encode them in URIs somehow.)
AramZS joined the channel
# 18:18 
sebbu libs also removed it
bret and angelo joined the channel
# 21:36 
Soni you work with what you have, and the way fedilinks works makes web+ap://tag:FediLinks@chaos.social/tags/FediLinks really convenient
# 21:59 
Soni (but really web+feed and/or web+wordpress are more relevant to indieweb)
# 22:14 
Soni can you imagine a web where ACE/RCE/fingerprinting/non-consensual eyeball usage are no longer much of a thing
jeremycherfas, Renfield and kleb joined the channel