#dev 2025-02-27

2025-02-27 UTC
# 00:20 
immibis a URL in reality (and also in theory!) specifies how to get a resource. it's not a unique identifier for a resource. a URN is an identifier for a resource and is more rarely used.
# 00:20 
immibis a URI is either a URL or a URN. all http:// URIs are URLs, unless someone is abusing them, as many protocols do.
# 00:21 
immibis (such as XML namespaces)
# 00:21 
immibis an authentication tag is part of how you fetch a resource, so it can be part of a URL
# 00:21 
immibis it's also possible for ambient authorization to be implied
# 00:23 
immibis trwnh: ^
aciccarello joined the channel
# 00:35 
sebbu immibis, but most browsers and libs removed the old http://user:pass@domain.tld/path/file url format !
# 00:35 
sebbu (for http basic auth)
# 00:37 
immibis yeah, some kind of security concern. I think that you could spoof the user part to look like a whole URL. Doesn't mean it's not logically a valid URL though.
# 00:37 
immibis http://google.com/longurlpart....:foo@evil.com/
# 00:39 
sebbu well, that concern is invalid on a correct implementation, / (and : and @) not being a valid character
# 00:39 
sebbu (ofc, you could escape them in %hex, but then you won't mistake it)
# 01:00 
immibis iirc it IS valid in the username and password field - that's why it was a problem. Otherwise it would be no different from http://google.com.reallylongstring.evil.com/
# 01:07 
sebbu in the field, yes
# 01:07 
sebbu in the url, no
# 01:08 
sebbu in the url it must be encoded in %hex
# 01:08 
sebbu the url must be explicit and non-ambiguous
# 01:10 
sebbu well, it's not really that different
# 01:10 
sebbu especially since people using unicode similar-looking characters
# 01:10 
sebbu :D
newbster, GWG and grufwub joined the channel
# 03:28 
trwnh immibis: you wouldn't generally embed an oauth token into a uri, would you? no, you would use the Authorization header
# 03:30 
trwnh i also don't think the URL vs URN split makes sense anymore. rather, they are all names, it's just that some names encode protocols for dereferencing or resolving the name
# 03:38 
tantek.com yeah, urns were a dead-end to begin with.
# 03:39 
tantek.com that was my attempt to kill the topic here. not sure any indieweb site bothers with any URN URI or auth-in-old-URL syntax stuff. likely better for  #random unless someone is actually talking about building support for it on their personal site
# 03:57 
immibis trwnh: have you heard of an unlisted video (or other object)?
# 03:57 
immibis URLs vs URNs definitely make sense...
# 03:58 
immibis the only reason you wouldn't put a username and password in a URL to curl is that authorization systems got more complex.
# 04:01 
tantek.com ^ let us know how you're building these things on your personal site, otherwise there's no empirical basis to claim "definitely make sense".
# 04:02 
tantek.com "reason you wouldn't put a username and password in a URL" is it's bad security. please see the actual discussion in the specification on this instead of making specious claims like "authorization systems got more complex". https://github.com/whatwg/fetch/pull/465
# 04:02 
tantek.com [edit] "reason you wouldn't put a username and password in a URL" is it's bad security. please see the actual discussion in the specification on this instead of making specious claims like "authorization systems got more complex". https://github.com/whatwg/fetch/pull/465
Boiler, oodani, leo60228, vriska, [Jo], [morganm], IWSlackGateway, [aaronpk], vskate and [KevinMarks] joined the channel
# 10:26 
capjamesg[d] [Joe_Crawford] I would love to learn about fit-content at a future FrESH.
# 10:26 
capjamesg[d] I can't join the next one as it conflicts with HWC Edinburgh though.
nemonical and [artlung] joined the channel
# 10:54 
[artlung] Added to the list James! Now back to 💤  for me. :)
vskate, Guest6, ttybitnik, [pfefferle] and [Ana_R] joined the channel
# 12:14 
immibis @tantek.com "bad security" has nothing to do with whether something is a valid conceptual part of a URL or not
[qubyte] joined the channel
# 12:20 
[KevinMarks] https://bsky.app/profile/middlesbroughfe.co.uk/post/3lj5un72wdk2d Ana is already speaking there
axcelott, GuestZero, nemonical, [schmarty], [tantek] and [Jo] joined the channel
# 16:46 
capjamesg[d] [KevinMarks] Is there a more up to date version of https://github.com/kevinmarks/cassis-autolink-py
# 16:46 
Loqi [preview] [kevinmarks] cassis-autolink-py: Python port of a subset of Tantek Çelik's CASSIS
# 16:46 
capjamesg[d] [edit] [KevinMarks] Is there a more up to date version of https://github.com/kevinmarks/cassis-autolink-py
# 17:05 
[KevinMarks] No, I haven't ported Tantek's improvements since. He's definitely updated the regex since then
# 17:06 
[tantek] I need to set up some more regression tests
# 17:07 
[tantek] (Seems like every language has its own test framework)
# 17:08 
[tantek] [KevinMarks] do you have tests of your own? Or is there a good strategy for cross-language tests?
# 17:08 
[KevinMarks] Kyle copied over the existing tests iirc.
# 17:09 
[KevinMarks] The strategy is manual until it hurts
# 17:10 
[KevinMarks] We could look at the mf parsing model where we define input and output in a language independent format maybe
dhrjarun joined the channel
# 17:12 
capjamesg[d] I can PR an update with the regex?
# 17:12 
capjamesg[d] I tried jamesg.blog in the autolinker and it failed.
# 17:14 
[KevinMarks] How does cassis run tests in both languages?
sp1ff and gRegor joined the channel
# 17:56 
capjamesg[d] Starbucks' RSS feed is blocked by their Cloudflare 😭
bterry and nemonical joined the channel
# 19:13 
[tantek] [KevinMarks] manually on my local machine 😂
# 19:14 
[tantek] capjamesg[d] I'm confused, Starbucks is using Cloudflare which is blocking something, or your site/reader is using Cloudflare which is blocking something?
# 19:15 
capjamesg[d] Starbucks is using Cloudflare and blocks my reader's requests to its feeds 😭
# 19:15 
sknebel presumably the (sadly standard) error of Starbucks asking CF to blanket-prevent automated requests, including for URLs (like feeds) designed to be read by automated requests
# 19:16 
capjamesg[d] The URL is https://about.starbucks.com/feed/
# 19:16 
capjamesg[d] A HTTP request asks the user agent to try again with cookies and JS enabled.
# 19:17 
capjamesg[d] With various mentions of "cf" (cloudflare) in there.
ttybitnik joined the channel
# 19:18 
[tantek] does it also block a http://granary.io request for the feed?
# 19:19 
[tantek] might also test with Thunderbird on your laptop to see if at least that works (to get the Stabucks feed) or not
# 19:20 
capjamesg[d] Granary gets a 403.
# 19:30 
[tantek] good to know it's not just you!
# 19:31 
sknebel granary and bridgy are going to run into pretty much any filter, "this is a google cloud IP" is very basic heuristic :D
# 19:32 
sknebel even before the recent AI scraper mess that was not that uncommon, I remember a few people that couldnt use bridgy because their webhosts filtered it on that basis
gRegorLove_, Zegnat and [snarfed] joined the channel
# 20:42 
[snarfed] yup https://github.com/snarfed/bridgy/issues/885
# 20:42 
Loqi [preview] [willtm] #885 Reclaim Hosting (BitNinja) blocking Google Cloud IP addresses
GWG and bterry joined the channel
# 21:49 
[snarfed] I'm above my pay grade in CSS right now. the bluesky icon on my posts on https://snarfed.org/ is a ::before pseudo-selector with url(...) for an image and display: inline-flex width: 16px, and it works great in Firefox, and degrades gracefully in Safari, but is totally broken in Chrome
# 21:50 
[snarfed] awkward CSS, I know; I have limited control over the markup without forking the synd links plugin. apart from that, anyone know what I can do to get it the same across browsers?
# 21:52 
catgirlin.space uh.. is it supposed to be that big? lol (Safari Technology Preview release 213)
# 21:52 
catgirlin.space https://cdn.discordapp.com/attachments/866577430886350869/1344789338705105017/CleanShot_2025-02-27_at_16.52.062x.png?ex=67c2302b&is=67c0deab&hm=805687b2740aaf9b8b9f182244307def1784e8403302edccb3bfde5316100947&
# 21:53 
[snarfed] that's what's broken
# 21:53 
[snarfed] only in Chrome
# 21:53 
[snarfed] any idea how I can fix it?
# 22:00 
[artlung] I’m away from a proper computer but this is up my alley in a bit once I can take a look. But don’t let me saying that dissuade anyone from looking before I do
# 22:01 
[artlung] Maybe 15 minutes
# 22:03 
gRegor [snarfed], This worked with my fiddling in Chrome: https://stackoverflow.com/a/8978010
[benji] joined the channel
# 22:10 
[artlung] [snarfed] `a.syn-link[href*="http://bsky.app"]::before { content: ' '; background: url("/bluesky-icon-light-gray.png") 0 / 16px; }` is my approach. first stab.
# 22:11 
[artlung] since you define the size of beforre as 16px x 16px that's the background position and size I'd choose. More portable would be `a.syn-link[href*="http://bsky.app"]::before { content: ' '; background: url("/bluesky-icon-light-gray.png") 50% 50% / contain; }`
# 22:13 
[artlung] s/beforre/`::before`/
# 22:22 
[snarfed] thank you both! will try in a min
# 23:01 
[snarfed] that did it! thanks again!
# 23:01 
[snarfed] fighting cache now, but that's my problem
bterry, sebbu2 and sp1ff joined the channel