WeChat ID
aaronpk_tv
-
San Francisco, California • Mon, April 30, 2018 4:11pmHello again San Francisco! -
I'm going!
Homebrew Website Club Baltimore returns!
Roving IndieWeb developer grant.codes, lead developer of the Together indie reader, will also be joining us!
-
April videos are up!
@sandyaaaas on learning from localization
@ryrykubes on game development as skill-building
@elnoelle on compassionate self-help
Thanks @oktadev for sponsoring our videos, @aaronpk for recording/producing, @stenoknight for captions! https://www.youtube.com/watch?v=bHbYpCrLAcU&list=PLclEcT4yxER5GdFXyfceiDS1IDX4qk9Lp -
Portland, Oregon • Mon, April 30, 2018 11:26amDonut pickup for Tantek
-
vishae
https://github.com/vishae
•
Apr 28
Hi @aaronpk
When I add the first line, this is the error message I get (when attempting to send a previous post to my site - after the verification process):
HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error Server: nginx/1.12.2 Date: Sat, 28 Apr 2018 06:32:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Endurance-Cache-Level: 2
That is the same error message I get if I remove that line and add the second line you suggested (I'm assuming you didn't want both lines in the .htaccess file).
Okay, thanks for giving that a try. We're working on a fix and should hopefully have an update shortly. -
Does this match the behavior as described in the readme? https://github.com/indieweb/php-mf2#generating-output-for-json-serialization-with-json-mode See also this issue which looks like the same thing but for `rels` https://github.com/indieweb/php-mf2/issues/29
-
I'm going to be hosting a workshop on @OAuth_2 this fall in Nürnberg, Germany! 🔐 Only 15 spots available, so sign up now! https://colloq.io/events/tollwerkstatt-workshops/2018/nurnberg/2
-
📢 Ever needed to implement #OAuth and had a hard time to wrap your head around? Want a sound understanding of all things @oauth_2? Happy to host a workshop about just that, with @aaronpk («OAuth 2.0 Simplified»), during @nueww, on October 18th. Join us! https://colloq.io/events/tollwerkstatt-workshops/2018/nurnberg/2
-
I made a VGP (very good program) that makes it so it looks like I’m typing on slack whenever anyone else is typing, and stops when they stop.
Everyone loves it so far and doesn’t find it annoying at all!
https://github.com/will/slacktyping -
sknebel
https://github.com/sknebel
•
Apr 26
A potential manual way: have a !snooze command that blacklists a string for e.g. 24 hours.
!snooze is not a bad idea, that gives people the ability to make the decision about what to filter.
I do have some code that Loqi uses to kick people out of the IRC room when they spam it that might also work here, but I'd be worried about too much false positive filtering. It looks at a normalized version of the text (lowercase, no whitespace or punctuation, minus URLs) and could reject tweets that match an existing one found in the last 24 hours. That would have stopped a bunch of these from coming through. -
Zegnat
https://github.com/Zegnat
•
Apr 25
This totally slipped me by, so here we go. I do like the idea of logging things, and
syslog()is probably the best solution unless we want to pull in something like PSR-3. More thoughts:- I would not turn any logging on by default. I do think logging IPs with authentication requests makes sense, and I would simply never want to log any IPs by default. Especially when people running this on shared hosts might be feeding it into logs they themselves cannot clear.
LOG_FAILED_PASSWORDSsounds like a nice-to-have that needs massive disclaimers around it. We can’t work on the assumption that everyone is using a password manager. This means people are typing their passwords, and typos happen. This option sounds good, but if you over time fill logs with deviations of your real password, you better be making sure you are purging those logs real good. (Of course again with the problem thatsyslog()may be out of reach to the user who unwittingly turned this on.)
I can almost see us strategically dropping these into the source code, but commented. Anyone who understands
syslog()and wants to use it to trip up other alarm bells on a server, will probably be OK uncommenting a couple of functions. Even if they aren’t well versed with PHP. This will at least keep it out of the hands of users who cannot see the possible side-effects.Like the idea, just not sure how to execute it without giving users some flags in the config with huge warning disclaimers. And I don’t like warning disclaimers in what is supposed to be a simple single-purpose thing.
I like the idea of making logging opt-in by uncommenting the code. I'm struggling to think of a case where logging failed passwords is ever a good idea. It seems others would agree with this assessment as well. https://security.stackexchange.com/questions/16824/is-it-common-practice-to-log-rejected-passwords -
Portland, Oregon • Wed, April 25, 2018 11:17amSome crazy new colors going on here!
-
Just downloaded my @instagram dump and I'm pretty disappointed. 😔
• My comments include only the comment text, a timestamp, and the photo author. No way to know what I'm commenting on
• Same for photos I've liked
• There's no indication of likes or comments on my own photos -
In practice this is enforced by the PHP process itself. PHP has a setting for a maximum memory limit, at which point the process will be killed. I'm not really interested in trying to solve this for real using some sort of stream solution, since the vast majority of content this is used for is relatively small pages.
-
Hello from @donutjs, packed house tonight! We're livestreaming tonight thanks to support from @oktadev! https://youtu.be/4czBvCbtiWw
-
Portland, Oregon • Tue, April 24, 2018 5:32pm#DonutJS setup
-
We are very happy to let you know that @oktadev is sponsoring our video recording and production!
Okta provides authentication, authorization, and user management to your web or mobile app. Learn more at http://developer.okta.com!
🔑🍩‿🍩🔒
