IRC log of social on 2017-01-03

Timestamps are in UTC.

17:58:53 [RRSAgent]
RRSAgent has joined #social
17:58:53 [RRSAgent]
logging to http://www.w3.org/2017/01/03-social-irc
17:58:55 [trackbot]
RRSAgent, make logs public
17:58:55 [Zakim]
Zakim has joined #social
17:58:57 [trackbot]
Zakim, this will be SOCL
17:58:57 [Zakim]
ok, trackbot
17:58:58 [trackbot]
Meeting: Social Web Working Group Teleconference
17:58:59 [trackbot]
Date: 03 January 2017
17:59:04 [sandro]
present+ sandro
17:59:15 [KevinMarks2]
KevinMarks2 has joined #social
17:59:44 [tantek]
tantek has joined #social
18:02:17 [tantek]
hmm - I didn't see anyone create https://www.w3.org/wiki/Socialwg/2017-01-03
18:03:11 [aaronpk]
present+
18:04:28 [tantek]
present+
18:06:25 [tantek]
no official telcon today, but we are unofficially on the call discussing https://github.com/w3c/webmention/issues/84
18:08:25 [ben_thatmustbeme]
present+
18:08:33 [cwebber]
present+
18:10:22 [ben_thatmustbeme]
yes
18:10:28 [cwebber]
I didn't hear
18:10:32 [cwebber]
was plugging in my headphones
18:10:51 [sandro]
https://github.com/w3c/webmention/issues/84
18:12:11 [tantek]
Proposing inserting second bullet point to 4.1:
18:12:26 [tantek]
• Receivers MUST verify Webmentions per section 3.2.2
18:12:27 [ben_thatmustbeme]
yeah, i think that makes sense.
18:14:06 [tantek]
Also, move "* Receivers MAY periodically..." to the end of the list
18:15:41 [ben_thatmustbeme]
yes, change 'publish' to 'display'
18:16:00 [ben_thatmustbeme]
CSRF Is
18:16:06 [ben_thatmustbeme]
4.4
18:16:44 [ben_thatmustbeme]
i don't see anything about re-verify anywhere
18:16:59 [aaronpk]
that's a different CSRF
18:17:10 [tantek]
And also, reword "* If a receiver chooses to publish ..." to "* If a receiver chooses to display ..." and move it to right before "* Receivers MAY moderate ..."
18:21:19 [ben_thatmustbeme]
cors uses non-normative for CSRF https://www.w3.org/TR/cors/#refsCSRF
18:21:20 [cwebber]
sounds good to me, I don't think we need a resolution here either
18:22:05 [aaronpk]
haha wat. that's an informative reference to an email in a mailing list?!
18:22:11 [Loqi]
nice
18:22:15 [ben_thatmustbeme]
yeah.... :/
18:23:50 [ben_thatmustbeme]
https://www.w3.org/TR/epr/ even this ... thing. doesn't even have any references to CSRF or XSS
18:23:52 [Loqi]
[David Ross] Entry Point Regulation
18:24:19 [aaronpk]
this looks like a pretty good reference https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
18:24:32 [tantek]
hey this looks better :P https://en.wikipedia.org/wiki/Cross-site_request_forgery
18:25:04 [cwebber]
owasp?
18:25:14 [ben_thatmustbeme]
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
18:25:16 [cwebber]
pretty well known security site
18:25:19 [cwebber]
no I have :)
18:25:33 [ben_thatmustbeme]
i have heard of it before as well
18:25:42 [ben_thatmustbeme]
only in passing
18:25:55 [sandro]
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
18:26:11 [ben_thatmustbeme]
*blinks*
18:26:23 [ben_thatmustbeme]
2.84.14 lol
18:26:37 [ben_thatmustbeme]
thats a lot of ... yeah
18:26:49 [tantek]
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
18:27:19 [sandro]
+1
18:27:23 [ben_thatmustbeme]
+1
18:27:28 [timbl]
timbl has joined #social
18:27:50 [ben_thatmustbeme]
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
18:28:13 [ben_thatmustbeme]
and no, i could not find anything referenced for XSS
18:28:56 [sandro]
https://www.owasp.org/index.php/XSS might be more robust
18:29:16 [ben_thatmustbeme]
thats the same page
18:29:20 [ben_thatmustbeme]
redirect
18:33:43 [aaronpk]
https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-40.png
18:33:43 [ben_thatmustbeme]
i feel like the security group should publish some note explaining such things, just so there is a normative reference to it
18:33:49 [aaronpk]
https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-48.png
18:34:05 [tantek]
I think it's better to cite the expanded URL, the expansion makes it more readable even without clicking
18:34:22 [aaronpk]
agreed
18:36:04 [ben_thatmustbeme]
lol
18:36:07 [ben_thatmustbeme]
sandro++
18:36:07 [Loqi]
sandro has 33 karma in this channel (38 overall)
18:41:25 [aaronpk]
https://media.aaronpk.com/Screen-Shot-2017-01-03-10-41-18.png
18:43:22 [ben_thatmustbeme]
"have we finished bikeshedding 4.1 yet" ~tantek just before bikeshedding order more
18:43:36 [ben_thatmustbeme]
:P
18:44:47 [tantek]
ben_thatmustbeme: what I was talking to myself included ;)
18:45:05 [tantek]
(this is what chairing does to your brain)
18:46:58 [ben_thatmustbeme]
yes, aaronpk is an overachiever
18:47:56 [aaronpk]
https://media.aaronpk.com/Screen-Shot-2017-01-03-10-47-54.png
18:48:22 [ben_thatmustbeme]
+1
18:48:23 [tantek]
+1
18:48:31 [sandro]
+1
18:48:53 [cwebber]
+1 seems good
18:50:51 [aaronpk]
editor's draft is updated https://webmention.net/draft/
18:50:53 [Loqi]
[Aaron Parecki] Webmention
18:52:52 [tantek]
https://webmention.net/draft/#changes-from-01-november-pr-to-rec
18:58:05 [aaronpk]
sandro: https://github.com/w3c/webmention/commit/6a20994c28ff8ee53e84878206ae4ba67eb88ecb
19:00:09 [ben_thatmustbeme]
we had said we would do them once a month in the new year
19:00:46 [ben_thatmustbeme]
+1 for a meeting next week and starting that as our one for the month
19:01:46 [cwebber]
I'll be around next week
19:01:56 [sandro]
aaronpk, let me know when the 1/5 draft is staged....
19:02:11 [aaronpk]
it's there. same URLs as before.
19:03:01 [ben_thatmustbeme]
cwebber: can you be on earlier next week?
19:03:10 [ben_thatmustbeme]
just making sure
19:03:24 [cwebber]
central time, and I can be on earlier
19:03:44 [cwebber]
could we do 2 hours earlier?
19:05:12 [ben_thatmustbeme]
2 hours earlier could work for me
19:05:28 [cwebber]
I mean, I could also do 2.5 hours earlier :P
19:05:31 [ben_thatmustbeme]
someone should email evan and julien
19:05:38 [ben_thatmustbeme]
especially
19:06:19 [cwebber]
current time is during lunchtime for me :)
19:06:22 [cwebber]
so moving it back works
19:06:48 [ben_thatmustbeme]
cwebber, yeah, most weeks i am eating during the meeting
19:07:17 [cwebber]
I'm not usually eating, though during boring parts sometimes I do unload the dishwasher ;)
19:11:25 [tantek]
logged an informal summary here: https://www.w3.org/wiki/Socialwg/2017-01-03
19:11:55 [ben_thatmustbeme]
prefers
19:12:03 [ben_thatmustbeme]
since the change is mainly for her
19:12:12 [ben_thatmustbeme]
and it may break schedules for others
19:14:17 [ben_thatmustbeme]
go go go, first REC of the new year
19:15:41 [ben_thatmustbeme]
https://www.w3.org/TR/2017/WD-html-aria-20170103/
19:15:44 [Loqi]
[Steve Faulkner] Accessible Rich Internet Applications in HTML
19:15:48 [ben_thatmustbeme]
oj, just WD
19:15:56 [ben_thatmustbeme]
view-source:https://www.w3.org/TR/
19:16:01 [ben_thatmustbeme]
and searching for 2017
19:16:44 [ben_thatmustbeme]
tantek: https://www.w3.org/2016/12/open-web-platform.html.en
19:17:25 [ben_thatmustbeme]
bye
19:18:44 [tantek]
I've taken the CSS logo on w3.org complaints to #css
19:18:50 [tantek]
to see if anyone there is paying attention
19:37:23 [tantek]
aside: this is pretty cool https://www.owasp.org/index.php/About_OWASP
20:38:10 [timbl]
timbl has joined #social
20:38:45 [Zakim]
Zakim has left #social
20:38:57 [Loqi]
bye
20:43:13 [KevinMarks]
KevinMarks has joined #social
20:55:44 [KevinMarks]
KevinMarks has joined #social
22:57:09 [KevinMarks2]
KevinMarks2 has joined #social