#dev 2025-05-04

2025-05-04 UTC
bterry1, CRISPR, grufwub, kgdrenefort, [tw2113], NaomiAmethyst, tei_ and [aciccarello] joined the channel
#
carrvo I don't think it falls under "not expected behaviour".
#
carrvo What I did was clear out the received Webmentions, then use a third party to simulate and update on the source (without an actual update).
#
carrvo *simulate an update
#
carrvo That way I could re-receive.
#
carrvo It is not really worth pursuing so much. But it was neat to observe the difference between Webmention sender implementations.
#
carrvo Now I am just pointlessly ranting...sorry.
tei_ joined the channel
#
[artlung] I suspect the responsibility belongs with your receiver storing received webmentions. That said, the source url is not going away, and you could reconstruct it because the source and target still are what they were.
#
[artlung] And no worries! Good exercise. :)
barnaby, danielpietzsch and [jeremycherfas] joined the channel
#
doesnm am i implemented q=config wrongly? IndiePass still show other post types. https://doesnm.cc/pastebin.php?id=FuJHvH
NaomiAmethyst and schepp joined the channel
#
schepp @tantek https://onlinephp.io/
#
[tantek] PHP << Online PHP testing tool with adjustable versions! https://onlinephp.io/
#
Loqi ok, I added "Online PHP testing tool with adjustable versions! https://onlinephp.io/" to the "See Also" section of /PHP https://indieweb.org/wiki/index.php?diff=101248&oldid=99295
#
schepp [tantek] a PHP to JS transpiler: https://www.npmjs.com/package/babel-preset-php
#
schepp [tantek] maybe you are interested in this project which recreates all kinds of PHP builtin functions in JavaScript: https://locutus.io/php/ (and also in other languages). This means you could write your stuff in PHP and could still run it in a browser as all PHP functions would be made available there, too.
barnaby joined the channel
#
kgdrenefort [tantek]: why not simply php -a ?
#
kgdrenefort ah yeah
#
kgdrenefort it does debugging onlive as would do an IDE for example
parnikkapore_x joined the channel
#
[tantek] kgdrenefort because as of macOS Monterey, "php" is not installed by default 😕
#
kgdrenefort on linux too :P
#
[tantek] updated my website to run on PHP 8.x!
#
perryflynn aaronpk: regarding your traffic issue with webmention.io: since I have a statically generated website I download all interactions from my blog-intercom API as json file and include it at build time into the website. maybe this would also be an option instead of using the javascript fetch() requests for some people. I'll write a blog post how I did it exactly later and will let you know, if you're
#
perryflynn interested.
#
capjamesg I am working on fixing a bug in my web reader today.
#
perryflynn [tantek]: great! 🚀
#
perryflynn < apjamesg>: can I take a look to that web reader somewhere?
#
capjamesg perryflynn https://artemis.jamesg.blog
#
capjamesg [edit] perryflynn https://artemis.jamesg.blog
#
capjamesg Invite code: coffee
#
perryflynn thanks.
#
doesnm capjamesg: artemis is better than cinnamon?
claudinec and barnaby joined the channel
#
capjamesg doesnm They are designed with different goals in mind. Cinnamon was a social reader with the ability to post, like posts, etc. Artemis only lets you follow websites you like.
#
capjamesg I have been using Artemis every day for around a year.
xue joined the channel
#
aaronpk perryflynn: some people definitely use it that way, but many don't and they rely on the API to fetch webmentions on the fly. But the API is just the first of the problems, the avatars are the bigger problem, so I'd also have to block the images from being hotlinked to force people to download a copy themselves
#
Zegnat xue: what are you trying to do with \r? I am not familiar with any special handling that HTML does with it
#
xue again, Why does html ignores '\r' symbol? In any other scenario, i am able to override the text and w3schools list it as allowed ascii control character. am i doing something wrong with "&#13;" notation or is html standard broken?
#
xue Zegnat: in C i can move to the beginning of line and override what i just wrote
#
xue i thought i might bamboozle AI scrappers a little, throwing random lines between the text, going back to the beginning of line and overriding them with real content
#
xue Like a random, nonsensical sentence, invisible to humans but not in comment
#
xue You know what i'm saying, you get me?
#
xue Unfortunately from what i see in firefox, &#13 does absolutely nothing
#
Zegnat Ah, I am not sure Unicode / rendering engines define it that way. Because there is no cursor involved.
#
xue so if i specify ascii encoding it might work?
#
Zegnat No, I mean it does not do what you expect because there is no curser to move. So \r is just defined as generic whitespace
#
xue it doesn't even render as such
#
xue I might try with opacity: 0.0 but well, i hoped for more sneaky approach
#
Zegnat It renders the same as e.g. \f, as a zero-width whitespace character. At least that is what it does for me.
#
xue why can't we have nice things
#
xue it might work with small text
#
perryflynn AFAIK there is no difference between \n and \r\n in HTML, just for compatibility reasons between linux/windows/macOS.
#
perryflynn both is just generating a newline.
#
Zegnat Yes, \r\n is special. This was mostly about just \r
#
perryflynn the behaviour you describe only works in terminals.
#
xue perryflynn: it doesn't even do that, it doesn't do shit
#
perryflynn yea, but macOS is using \r as a \n replacement. that is one reason why \r behaves not as expected in browsers. they just standardized the behaviour to make it work the same in all OSes.
#
Zegnat It would have been funny if control characters worked in modern text rendering. I would be putting \b all over the place, hehe
#
perryflynn and in terminals it behaves like that because of historical reasons (vt100) and to keep TUIs working.
#
xue Zegnat: why can't they
#
xue it's just text
#
[tantek] Zegnat, joining us for IWC DUS on Zoom?
#
Zegnat [tantek]: sorry, no, I wanted to but life happened so I am not stationary
barnaby and ttybitnik joined the channel
#
xue can you at least define css properies in such a way that they alternate style very other line?
#
perryflynn xue: https://developer.mozilla.org/en-US/docs/Web/CSS/:nth-child
#
xue thx
#
perryflynn yw
#
perryflynn many AI scrapers are using selenium or just plain python. so styles will only harm normal users IMHO.
#
xue perryflynn: how so?
#
perryflynn AI scapers don't care about css. but users do. so if you make an annoying styling. it only affects real users.
#
xue yeah, that's the point, make some lines invisible to users with css and visible to scrapers in html
#
xue and make em grammatically correct yet nonsensical
#
xue or maybe i can put everything of it behind login page with some obvious credentials, idk
#
[artlung] I have deep skepticism about _relying_ on CSS to do the sorting of who is and is not a real person. There are offline readers, reader mode, and other mechanisms where you may pollute the experience of actual humans. How and whether that bothers you is in your hands.
#
[artlung] Heydon Pickering's approach is worth a look, hidden links which might bog down bots somewhat.
#
perryflynn xue: ah, okay that could work. but this also could harm you reputation at search engines.
#
[artlung] there's also tools like this: https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker (there are many, none I've tested)
#
perryflynn [artlung]++
#
Loqi [artlung] has 10 karma in this channel over the last year (55 in all channels)
#
Loqi [preview] [mitchellkrogza] apache-ultimate-bad-bot-blocker: Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
#
xue kinda, but my website looks like early 2000s so it is already non screen ready friendly, as bad as it might sounds
#
[artlung] I do ave a number of user agent strings I've decided to block outright, though I backed off a few because it impacted shared links.
#
[artlung] basically (Apple) Messages and Instagram og:images
#
xue [artlung]: i can't do that, i host my website on neocities
#
[artlung] has your site experienced slowdowns due to bot traffic, to your knowledge?
#
xue idk, idc about bandwidth, i just don't like the fact that I have to play by copyright rules and big corpos don't
#
xue perryflynn: it's a blog and also shitty at being blog, SEO doesn't bother me
#
xue btw you might check my first attempt at html
#
xue https://xue.neocities.org/
#
[artlung] it's not merely big corps, it's scrappy wannabes too who are deploying and spidering and respidering voraciously. I've had several slowdowns I observed of sites of mine and which my webhost attributed to bot traffic.
#
[artlung] their lack of respect for basic manners in terms of speed of spidering is pretty terrible.
#
xue >basic manners
#
xue >theft like business
#
xue be a little more anchored in reality [artlung]
#
[artlung] tools which distribute the spidering across many machines is really definitionally a DDOS (distributed denial of service) attack.
#
xue They are like those electric scooter ppl who were deprived of common sense
#
xue [artlung]: only if one actor is behind that
#
[artlung] I am firmly anchored in reality and in the social contract. I am also firmly in the camp of encouraging legislators to do something about bad actors in tech. I would ask you not to tell me how and what to be and I will do the same.
#
xue otherwise it's ip hopping and plain DoS
#
xue legistrators can't do shit, unfortunately
#
xue take European cookie law for example, the only effect of it is your psychological well being
#
perryflynn xue: I like the 2000s vibes. :-D
#
[artlung] not if they don't do anything, xue. it's true, lawmakers around the world are in stasis. but they are not without power. they need to be reminded of it.
#
xue they still can track and share your data either by "reasonable interest" of fingerprinting
#
xue EU was like: our job here is done, time to play some counter-strike
#
xue s/of/or/
[qubyte] joined the channel
#
xue perryflynn: thanks, i am most proud of graphics, i did em myself
#
xue it turns out if you enable 'show grid' and 'snap to grid' gimp is like any other cad software
#
[artlung] fun aesthetic for sure. look forward to seeing where it ends up!
#
xue BTW, does anyone know how to make logic statements evaluation in js? I wanted to make a tool that would create karnaugh maps but i can't host php
#
xue which is more similar to C than js
barnaby joined the channel
#
[artlung] I've not encountered Karnaugh Maps in a long time but here's a library which can do them: https://github.com/upsetjs/upsetjs ... it steers toward React but there are also Vue and no lib implementations ("bundled" is how they put it if I read it right). To me, I'd play with this in CodePen and see if I could get it working. CodePen can pull in js from external sources.
#
Loqi [preview] [upsetjs] upsetjs: 😠 UpSet.js - a set visualization library for rendering UpSet Plots (a JavaScript re-implementation of UpSet(R) by Lex et al), Euler Diagrams, Venn Diagrams, and Karnaugh Maps
#
xue ok, one last thing, i thought i might just ask a user to put a string, sed it to replace it with logic operators and call eval() on it. Can is somehow affect the website or will it only calculate on users side? i get the risks of letting users execute what they want, but that would be the only instance of a js on the whole website
#
perryflynn only if you allow to share a JS state via URL, then this could be abused for cross site scripting. if it's just for one user and it's gone after page refresh, it's fine.
#
xue thanks! Now i only need to learn js
#
perryflynn if I can send a link from your site which executes my JS code, then this could be abused to steal cookies/login sessions in the worst case.
#
xue and to prevent that i should...?
#
[artlung] for a client-side application, with no way to turn execution into advanced privileges or anything destructive (creating changes to the site/application, deleting things, affecting the experience of others) -- it's harmless.
#
[artlung] but `eval()` is among those parts of JS considered _not the "Good Parts"_ to use the Douglas Crockford term.
#
[artlung] For your use, like perryflynn noted, harmless
#
xue i don't need and honestly don't want to become expert at js, i just want usable karnaugh maps tool to exist somewhere in the web
#
perryflynn xue: just don't allow/implement stuff like https://xue.neocities.org/#exec=alert('you got hacked');
#
perryflynn xue: which is completly fine. JS can only become a problem if you allow users to add content to your site. like with comments for from URL.
#
perryflynn everything else is stuff from an individual which cannot be shared/send to any other browser.
tei_ joined the channel
#
xue anyway, i must be going, see ya when I'll need free js code review
xue left the channel
#
perryflynn hf
schepp joined the channel
#
carrvo It is less of "they don't have to obey copyright" and more about the enforceability of law in different contexts. They are "evil" in that they know what context can't, or is difficult to, enforce and take advantage of their knowledge.
#
carrvo Individuals do that all the time on a smaller scale that we are more willing to let slide without calling them "evil".
thegreekgeek, geoffo_ and Kolev joined the channel
#
Zegnat re: xue saying something about putting a login page in front of the site; I did think about making an old school “splash page” for my site and put some notice on it that you confirm 1/ you are visiting my site in a personal capacity or 2/ you give me full transferable irrevocably rights to inspect and use any product that may be the result of something you find on my site.
#
Zegnat Then if I ever spot a scraper in my logs, I can contact them and kindly ask them to hand over their R&D to me as per our agreement