#social 2017-01-03

2017-01-03 UTC
fabrixxm and KjetilK_ joined the channel
# 15:05 
aaronpk Good morning!
# 15:07 
rhiaro Good bedtime, aaronpk
# 15:07 
rhiaro anyone want to move this meeting a few hours earlier..? :)
# 15:24 
aaronpk Heh I don't think it'd be a good idea to take the call from the dentist chair
# 15:37 
ben_thatmustbeme might make things a little difficult to hear
# 16:42 
sandro any agenda for today?
# 16:44 
ben_thatmustbeme i can create the template for it.  I know the github issue on webmention said we would discuss it today
# 16:44 
sandro unfortunately, I don't think there's anything to say about it
# 16:45 
sandro https://github.com/w3c/webmention/issues/84
# 16:45 
sandro oh, wait, there's been a response
timbl and KevinMarks joined the channel
# 17:58 
sandro trackbot, start meeting
# 17:58 
trackbot is preparing a teleconference.
RRSAgent joined the channel
# 17:58 
RRSAgent logging to http://www.w3.org/2017/01/03-social-irc
# 17:58 
trackbot RRSAgent, make logs public
# 17:58 
RRSAgent I have made the request, trackbot
Zakim joined the channel
# 17:58 
trackbot Zakim, this will be SOCL
# 17:58 
Zakim ok, trackbot
# 17:58 
trackbot Meeting: Social Web Working Group Teleconference
# 17:58 
trackbot Date: 03 January 2017
# 17:59 
sandro present+ sandro
KevinMarks2 and tantek joined the channel
# 18:02 
tantek hmm - I didn't see anyone create https://www.w3.org/wiki/Socialwg/2017-01-03
# 18:03 
aaronpk present+
# 18:04 
tantek present+
# 18:06 
tantek no official telcon today, but we are unofficially on the call discussing https://github.com/w3c/webmention/issues/84
# 18:08 
ben_thatmustbeme present+
# 18:08 
cwebber present+
# 18:10 
ben_thatmustbeme yes
# 18:10 
cwebber I didn't hear
# 18:10 
cwebber was plugging in my headphones
# 18:10 
sandro https://github.com/w3c/webmention/issues/84
# 18:12 
tantek Proposing inserting second bullet point to 4.1:
# 18:12 
tantek • Receivers MUST verify Webmentions per section 3.2.2
# 18:12 
ben_thatmustbeme yeah, i think that makes sense.
# 18:14 
tantek Also, move "* Receviers MAY periodically..." to the end of the list
# 18:15 
ben_thatmustbeme yes, change 'publish' to 'display'
# 18:16 
ben_thatmustbeme CSRF Is
# 18:16 
ben_thatmustbeme 4.4
# 18:16 
ben_thatmustbeme i don't see anything about re-verify anywhere
# 18:16 
aaronpk that's a different CSRF
# 18:17 
tantek And also, reword "* If a receiver chooses to publish ..." to "* If a receiver chooses to display ..." and move it to right before "* Receivers MAY moderate ..."
# 18:21 
ben_thatmustbeme cors uses non-normative for CSRF  https://www.w3.org/TR/cors/#refsCSRF
# 18:21 
cwebber sounds good to me, I don't think we need a resolution here either
# 18:22 
aaronpk haha wat. that's an informative reference to an email in a mailing list?!
# 18:22 
Loqi nice
# 18:22 
ben_thatmustbeme yeah.... :/
# 18:23 
ben_thatmustbeme https://www.w3.org/TR/epr/ even this ... thing. doesn't even have any references to CSRF or XSS
# 18:23 
Loqi [David Ross] Entry Point Regulation
# 18:24 
aaronpk this looks like a pretty good reference https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
# 18:24 
tantek hey this looks better :P https://en.wikipedia.org/wiki/Cross-site_request_forgery
# 18:25 
cwebber owasp?
# 18:25 
ben_thatmustbeme https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
# 18:25 
cwebber pretty well known secuity site
# 18:25 
cwebber no I have :)
# 18:25 
ben_thatmustbeme i have heard of it before as well
# 18:25 
ben_thatmustbeme only in passing
# 18:25 
sandro https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# 18:26 
ben_thatmustbeme *blinks*
# 18:26 
ben_thatmustbeme 2.84.14 lol
# 18:26 
ben_thatmustbeme thats a lot of ... yeah
# 18:26 
tantek https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
# 18:27 
sandro +1
# 18:27 
ben_thatmustbeme +1
timbl joined the channel
# 18:27 
ben_thatmustbeme https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
# 18:28 
ben_thatmustbeme and no, i could not find anything referenced for XSS
# 18:28 
sandro https://www.owasp.org/index.php/XSS might be more robust
# 18:29 
ben_thatmustbeme thats the same page
# 18:29 
ben_thatmustbeme redirect
# 18:33 
aaronpk https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-40.png
# 18:33 
ben_thatmustbeme i feel like the security group should publish some note explaining such things, just so there is a normative reference to it
# 18:33 
aaronpk https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-48.png
# 18:34 
tantek I think it's better to cite the expanded URL, the expansion makes it more readable even without clicking
# 18:34 
aaronpk agreed
# 18:36 
ben_thatmustbeme lol
# 18:36 
ben_thatmustbeme sandro++
# 18:36 
Loqi sandro has 33 karma in this channel (38 overall)
# 18:41 
aaronpk https://media.aaronpk.com/Screen-Shot-2017-01-03-10-41-18.png
# 18:43 
ben_thatmustbeme "have we finished bikeshedding 4.1 yet" ~tantek just before bikeshedding order more
# 18:43 
ben_thatmustbeme  :P
# 18:44 
tantek ben_thatmustbeme: what I was talking to myself included ;)
# 18:45 
tantek (this is what chairing does to your brain)
# 18:46 
ben_thatmustbeme yes, aaronpk is an overachiever
# 18:47 
aaronpk https://media.aaronpk.com/Screen-Shot-2017-01-03-10-47-54.png
# 18:48 
ben_thatmustbeme +1
# 18:48 
tantek +1
# 18:48 
sandro +1
# 18:48 
cwebber +1 seems good
# 18:50 
aaronpk editor's draft is updated https://webmention.net/draft/
# 18:50 
Loqi [Aaron Parecki] Webmention
# 18:52 
tantek https://webmention.net/draft/#changes-from-01-november-pr-to-rec
# 18:58 
aaronpk sandro: https://github.com/w3c/webmention/commit/6a20994c28ff8ee53e84878206ae4ba67eb88ecb
# 19:00 
ben_thatmustbeme we had said we would do them once a month in the new year
# 19:00 
ben_thatmustbeme +1 for a meeting next week and starting that as our one for the month
# 19:01 
cwebber I'll be around next week
# 19:01 
sandro aaronpk, let me know when the 1/5 draft is staged....
# 19:02 
aaronpk it's there. same URLs as before.
# 19:03 
ben_thatmustbeme cwebber: can you be on earlier next week?
# 19:03 
ben_thatmustbeme just making sure
# 19:03 
cwebber central time, and I can be on earlier
# 19:03 
cwebber could we do 2 hours earler?
# 19:05 
ben_thatmustbeme 2 hours earlier could work for me
# 19:05 
cwebber I mean, I could also do 2.5 hours earlier :P
# 19:05 
ben_thatmustbeme someone should email evan and julien
# 19:05 
ben_thatmustbeme especially
# 19:06 
cwebber current time is during lunchtime for me :)
# 19:06 
cwebber so moving it back works
# 19:06 
ben_thatmustbeme cwebber, yeah, most weeks i am eating during the meeting
# 19:07 
cwebber I'm not usually eating, though during boring parts sometimes I do unload the dishwasher ;)
# 19:11 
tantek logged an informal summary here: https://www.w3.org/wiki/Socialwg/2017-01-03
# 19:11 
ben_thatmustbeme prefers
# 19:12 
ben_thatmustbeme since the change is mainly for her
# 19:12 
ben_thatmustbeme and it may break schedules for others
# 19:14 
ben_thatmustbeme go go go, first REC of the new year
# 19:15 
ben_thatmustbeme https://www.w3.org/TR/2017/WD-html-aria-20170103/
# 19:15 
Loqi [Steve Faulkner] Accessible Rich Internet Applications in HTML
# 19:15 
ben_thatmustbeme oj, just WD
# 19:15 
ben_thatmustbeme view-source:https://www.w3.org/TR/
# 19:16 
ben_thatmustbeme and searching for 2017
# 19:16 
ben_thatmustbeme tantek:  https://www.w3.org/2016/12/open-web-platform.html.en
# 19:17 
ben_thatmustbeme bye
# 19:18 
tantek I've taken the CSS logo on w3.org complaints to #css
# 19:18 
tantek to see if anyone there is paying attention
# 19:37 
tantek aside: this is pretty cool https://www.owasp.org/index.php/About_OWASP
timbl joined the channel
# 20:38 
Zakim excuses himself; his presence no longer seems to be needed
# 20:38 
Loqi bye
KevinMarks and KevinMarks2 joined the channel