#known 2020-07-29

2020-07-29 UTC
[tantek], [chrisaldrich], sblinnDiscord[m], JustMaierDiscord, bltavaresDiscord, IPFSFanDiscord[m, gmelodieDiscord[, AuHau[m]1, TeamIanDiscord[m, drbhDiscord[m], nek11Discord[m], mapachurroDiscor, ptonerDiscord[m], richtercamdenDis, malaclypsDiscord, jenncloudDiscord, coryschwartzDisc, dosch[m], virtual_vagrantD, kppDiscord[m]1, nofwayyDiscord[m, Discord[m]2, UserDiscord[m], scandichainDisco, kppDiscord[m], zwelsternDiscord, rappelDiscord[m], JungleHeartDisco, Dby0Discord[m], gnunicornDiscord, codynhatDiscord4, mZDiscord[m], PhillmacDiscord[, RDeckardDiscord[, jazzy-jeff^_^Dis, william_shakesDi, RyonezCoruscare0, RockSteadyTRTLD4, leoalvarezhDisco, DigitalOilDiscor, HarryTmeticDisco, Sm03leBr00tDisco, UsDiscord[m], DiscordBridge[13, reddDiscord[m], tobowersDiscord[, Hsiu-PingNichola, gumshedDiscord[m, boomshroomDiscor, JerbsDiscord[m], CathyLDiscord[m], gregjeanmartDisc, ShokuninDiscord[, wossDiscord[m], CyOp0x00Discord[, HaybalesDiscord[, khalnayakDiscord, braditzDiscord[4, MatthDiscord[m], ianfixesDiscord[, gabrielbaron16Di, ithithDiscord[m], koivunejDiscord[, RodolfoEDiscord[, panDiscord[m], peatDiscord[m], l^discordDiscord, solanavDiscord[m, sprayDiscord[m], achingbrainDisco, SmileRobotDiscor, ngamboaDiscord[m, hyde__Discord[m], raisDiscord[m], AraratDiscord[m], ksDiscord[m], nyarlathotepDisc, celsoDiscord[m]1, bengoDiscord[m], JayWelsh0845[m], ReallySnazzyDis4, KinnardDiscord[4, realChainDiscord, drshamoonDiscord, JohnnyMilkshakes, thomasDiscord[m], RobotLordimperia, celsoDiscord[m], radio_aliceDisco, mZDiscord[m]1, ddahlDiscord[m], DerekDiscord[m], wourslerDiscord[, zoink92Discord[m, tangoDiscord[m], gorhgorh[m]1, ianlopshireDisco, lamborghiniDisco, CarboClanCDiscor, DreamingInCodeDi, koalalorenzoDisc, MissLavenderDisc, eshohetDiscord[m, borismusDiscord[, anthony-albertor, AnthonyCBuddDisc, macerbiDiscord[m, FeNiXDiscord[m]1, pps96Discord[m], SpicoliWhiteDisc, gauthamDiscord[m, jklepatchDiscord, WesDiscord[m], Dazuck-3BoxDisc4, brewskiDiscord[4, kanejDiscord[m], AceFaceDiscord[m, amimDiscord[m], SuikaDiscord[m], megadogberthehim, sukarDiscord[m], ambackDiscord[m], pankajmendkiDisc, MikeShultzDiscor, astraiaDiscord[m, TionisDiscord[m], obernardovieiraD, matyas_mustohaDi, JD9Discord[m], GuillaumeDiscord, Exca1iburTheWise, andrewxhillDisco, daveatQCDiscord[, AmineDiscord[m], chmanieDiscord[m, CharlieRaptoreum, sekiDiscord[m]1, ScottSmileyDisco, manfredDiscord[m, r5723013Discord[, captain-nemoDisc, paulmahoneDiscor, SnowballDiscord[, chmanieDiscord[4, M3baidDiscord[m4, M3baidDiscord[m], HenniDiscord[m], maparentDiscord[, gozala[m]1, foxcoolDiscord[m, godparticleDisco, catmanDiscord[m], oed3[m], PamileissonDisco, IgutinDiscord[m], h2Discord[m], QwertyWhoreDisco, M|NecoDiscord[m], WellinkDiscord[m, DamirDiscord[m], pranayDiscord[m], Romaric[m], shivankDiscord[m, freekurt, bostaDiscord[m], romaricDiscord[m, jmank88Discord[m, DoggersUniteDisc, ArunDiscord[m], felixschlDiscord, corylDiscord[m], FranklinDiscord[, KisulkenDiscord[, chinsuDiscord[m], dqxDiscord[m], efnDiscord[m], ShmultzDiscord[m, wossDiscord[m]1, zcopleyDiscord[m, TianyiDiscord[m], bitspillDiscord[, FusonDiscord[m], PermawebMatrixBr, neohexDiscord[m], EdmundMDiscord[m, rklaehn[m], xtream1101Discor, itsmekntDiscord[, olizillaDiscord[, carsonfarmer[m], sachaDiscord[m], arjanvaneerselDi, baluptonDiscord[, jimpick[m], DoppelgngerDisco, RealSnazzy[m], celso[m], felixschlDiscor4, TyphooNDiscord[m, MesaDiscord[m], cam4507[m], Elijah3321[m], KirushikDiscord[, Discord[m]3, JordanKrageDisco, hazDiscord[m], TrevorDiscord[m], Expherience[m], thomasbDiscord[m, adinbDiscord[m], KevlarmonkeyDisc, SomeguyDiscord[m, richarddavisDisc, M4eekDiscord[m], nrtxrmndDiscord[, rklaehnDiscord[m, enricomarino[m], cyluDiscord[m], RomainDiscord[m], simibacDiscord[m, janttoDiscord[m], erlend_shDiscord, suleDiscord[m], thestevewayDisco, RichardLittDisco, Sean|FortmaticDi, tttDiscord[m], jimpickDiscord[m, vbDiscord[m], Dr_JayWDiscord[m, vinDiscord[m], watDiscord[m], AblibuDiscord[m], johanhermanDisc4, TroyDiscord[m], icaruszDiscord[m, BossMANDiscord[m, Imnotsoimpressed, jwheelerDiscord[, Oxy[m], raulDiscord[m], ZipperSKDiscord[, ritewhose[m], LSJI07Discord[m], NastyEbilPiwateD, cannabysDiscord[, M8431[m], OxyDiscord[m], Rick[m]1, crestDiscord[m], KeegenDiscord[m], M0zAND1zDiscord[, gunttedDiscord[m, pcowgillDiscord[, MasonDiscord[m], sbpDiscord[m], mZ[m], SirMemesALotDisc, amatuniDiscord[m, MMMMaggieDiscord, JonwelDiscord[m], PerinDiscord[m], Tianyi[m]1, CantiTurtleCoin[, JustMaier[m]1, Senshi[m], aaronpk[m], celso[m]1, Lolicon[m], sacha[m], JeffMaherVegas[m, drshamoon[m], fozzie[m], kanej[m]1, Akshay[m]2 and Valium[m] joined the channel
#
jbove
Looking at ways to harden Known. I should get the 2FA plugin. Are there other ways to make it harder for attackers to get in? Perhaps htpassword on the /session path? Would that work?
niceplaces, niceplace, [jeremycherfas] and [mapkyca] joined the channel
#
[mapkyca]
As a rule you shouldn’t have the session path (or uploads for that matter) in the docroot
#
[mapkyca]
You should also look at fail2ban for failed logins
#
Loqi
I agree
[jgmac1106] joined the channel
#
[jgmac1106]
askimet if you keep native comments on, I had to turn them off on almost all my sites
#
jbove
With the /session path I meant the login screen at this route /session/login . I know fail2ban for ssh and such. How would that work on a Known site? Native comments have never been on on my site. I - think - Akismet is working on webmentions.
[jeremycherfas] and [mapkyca] joined the channel
#
[mapkyca]
I wrote a plugin for it some time ago. Basically output auth success / fail to the auth log and then you have to have a rule for it
#
[mapkyca]
It’s old, and probably will have suffered some bitrot, but it works and protects my site
[tantek], [Rose] and [jgmac1106] joined the channel
#
[jgmac1106]
maybe a plugin bounty of 50-100 GBP or something
#
[jgmac1106]
for each plugin someone updates
#
jbove
Thanks for the references mapkyca. Will check it out. Lots to do for daytime job. But will see what I can achieve. I had promised more work on the JS and CSS too that I never gotten around to.
#
jbove
Good idea for the bounties. How would that work?
#
jbove
Tagging the issues? Open Collective is using bounty tags intensively on their Github project
#
[jgmac1106]
and general human decency, we pretty much know everyone in the community and would welcome others
#
[jgmac1106]
but I like the github idea for tracking...problem is there is no central repo for plugins they all live with the individual makers
#
[jgmac1106]
other idea we host a plugin hacking opo up session...just bang out as many as we can in a few hours
[argovaerts] joined the channel
#
[argovaerts]
i think mapping the plugins (in an awsome list or something) would still be handy imho
[grantcodes] joined the channel
#
[argovaerts]
quick question: is there a function in Known to get a request header or should I just use $_SERVER?
#
[argovaerts]
(in a plugin context)
[mapkyca] joined the channel
#
[mapkyca]
I’d be in favour of the bounty so long as it’s transparent, and especially if the bounties didn’t just always end up going to me! 😄 If this is to be paid out of the OC I’ll let [benatwork] weigh in since he’s the one clicking the authorise payment button.
[manton], bjoern, [Rose] and [jgmac1106] joined the channel
#
[jgmac1106]
yeah [mapkyca] that is what I was thinking we can start with a small update plugin bounties and document all on the collective...then maybe move into the heavier lifts...roadmap, the css grid, micropub
#
[jgmac1106]
for that I was thinking computer science clubs but it is getting hard finding young kids who know and play with PHP
[schmarty] and [jeremycherfas] joined the channel
[chrisaldrich], [Murray], [fluffy], [argovaerts], justache, [tw2113], [LewisCowles], [pfefferle], [spieper], [Ana_Rodrigues], [tb], plutes, seekr, jamietanna, niceplace, [KevinMarks] and [grantcodes] joined the channel