## More iTunes/iPhone sync woes

So, I’m still having the iPhone sync issue, only now it’s gotten so bad that I can’t even sync my music after doing a full factory restore of my phone. Ridiculous.

As an attempt at just getting my dang music on my phone I decided to sign up for another Apple Music trial period, figuring I’d use the iCloud Music Library sync stuff instead.

Unsurprisingly, it doesn’t really work.

I guess I haven’t posted a public update on my gabapentin experiment in a while. Yesterday I started taking it twice a day, 100mg each time. I also created a simple blood serum estimator more to satisfy curiosity than anything else; I don’t expect it to be all that useful for anyone although I’m thinking that at some point I’ll add the ability to plot graphs and maybe specify the times of days for the doses or something?

Anyway, taking it in the morning as well as the evening means that I get a nice surge of dizziness, which will supposedly pass eventually (and will get better when I get up to 3x a day). So far I’m not noticing any difference in my pain levels, and I kinda feel like my emotions might be a bit more intense? Last night I certainly had a bout of frustration with technology and drawing apps (I really want to work on comics again and I feel like my tools are actively getting in the way!) but I’m feeling much more even-keeled today at least. Drowsy a lot though.

This is certainly an interesting time for me to be experimenting with my neurochemistry, as I only have a few days left at my current job and am also trying to ramp up on some projects at the AR startup while also juggling an interview process with a well-known and generally-beloved non-profit corporation that I’d love to work at – and so far that’s been going really well! I just hope my brain has stabilized again by the next interview, which is yet to be scheduled. Anyway I’m waiting for that to happen before I go up to 3x100mg of gabapentin.

Oh also I’m finally making progress on redoing my kitchen, which is way overdue. The previous owners had done a really cheap, low-quality job of refurbishing it about 10 years ago, and it’s all been falling apart. I’m taking the opportunity to finally fix some long-standing issues with it, like a lack of storage (caused by a ripple effect from a way-too-large sink) and also switching to a smaller refrigerator and dishwasher (freeing up more storage space). Also going to finally get a new range, with such perfect timing since the oven in the existing one has finally given up the ghost for good. Unfortunately there’s only one range available that actually fits in the space (due to the odd venting configuration) and going with a different solution would require a lot of compromises and be way more expensive (due to the aforementioned odd venting situation), but still, I think everything will be better in the long run.

In any case, given that I’ll soon be working from home most of the time again, it’ll be good to have a space where I can enjoy cooking for myself again.

(I’m also looking forward to getting back in the habit of buying bulk produce and unbutchered meat at my favorite restaurant supplier. And probably doing more sous vide again!)

## My review of the new Amazon Go store

There’s a new Amazon Go store on the way home from my therapist, and I was feeling too tired to think about dinner so I decided to just check it out.

There’s a little seating area in front and a greeter who watches you to help people out (and probably make sure they aren’t up to Shenanigans). I suspect that there’s actual human intelligence going on and it isn’t purely AI like the marketing leads everyone to believe. Still, I have some ideas for things to test.

Food selection is pretty okay. The prices are fairly reasonable for Seattle. It’s mostly sandwiches and salads and snacks, and I think they’re all made elsewhere (probably at the flagship store downtown).

I ended up getting a “Tex-Mex Salad with Beef” and a caramel latte. The salad was $8.50. The coffee was$1.85, on sale, although the regular price is \$2.35 which is still really cheap for Seattle. The cup and lid were Starbucks-branded, but the cardboard cozy thing said Amazon Go on it.

The salad was pretty okay. It had too much quinoa and not enough lettuce for my taste, but it was tasty and more or less filling. It did have an expiration date of today. I wonder when it was actually made.

The coffee was a bit too sweet and also wasn’t very hot by the time I got home and I suspect it wasn’t actually freshly-brewed hot. They did have regular and decaf options, but no non-dairy milks. It tasted okay. They let you bring your own cup, which is nice.

Not a fan of how it’s yet another case of tech displacing workers from jobs and automating everything away while driving even more of a wage gap and an overall wealth divide.

Also the salad selection could be better.

All in all I think it’s a place I’ll go to get cheap, quick coffee but I don’t expect to make a habit out of it.

They’re also opening a gigantic flagship store a block from my home. I look forward to seeing what the anarchists do to it.

## Alec, isolation, solidarity

Scott Benson wrote a more detailed, public article about what had been going on with him and Alec Holowka. Please read the whole thing, but I want to especially highlight this paragraph:

I’d asked people who knew not to tell anyone. This is pretty common. I had reasons- during development we couldn’t deal with publicly hashing this out, I was too exhausted to handle some big public thing with Alec, etc. And I was too far removed from Alec’s social circles to really know what was happening there. And lots of other people who had similar experiences with Alec never told me, or anyone. It’s common. I wasn’t keeping Alec’s secret. I was keeping mine. That’s how this happens.

That feels a lot like the shit I’d been holding on to privately for the past 8 years. Nobody wanted to tarnish the reputation of a widely-beloved person, and I’m still afraid of actually directly naming him in these posts. I don’t want to relive the community abuse I experienced, especially if it means being seen as being a “collaborator” or “protector” of a serial abuser, and on the other hand being seen as someone who’s looking for attention or some perceived “clout.”

In the aftermath of my writeup, on Sunday I had a very good conversation with the mutual friend who’d taken on the burden of the wellness check and the estate management. I won’t repeat anything of what he said (that’s his story to tell, of course) but the conversation helped me quite a lot, and I hope it helped him too.

For what it’s worth, the past two days have been the lowest-pain I’ve had in a while.

Seeing the reactions to Scott’s articles, including on the now-quite-toxic backers-only thread on the NITW kickstarter, all I can hope for is that everyone eventually finds their peace with this, and that we as a society start having better, more open conversations about this stuff before it turns tragic.

## There are no happy endings

The recent unfortunate and tragic news about Alec Holowka has hit me very hard. On the one hand, I was a fan of his music and games, and saddened that he could be responsible for such things. But also the reaction at large to every stage of this whole horrible affair has been dredging up some very bad, stressful feelings that have been affecting me for the past eight years, and I feel it’s finally time to talk about it publicly.

I am not going to name names, even though the names are easy enough to figure out. I don’t want this to be about me, either, but I am necessarily talking about a thing that happened to and around me, and affected many people in a profound, terrible way.

In particular, I have at least something of an understanding of what Scott Benson is going through right now.

This is probably going to be a difficult read.

Read more… (CW: suicide, abuse of minors)

## Gabapentin, day 1

So, yesterday I finally got my prescription for gabapentin/Neurontin, as another attempt at managing my fibro symptoms. Took my first dose at 9 PM, and felt very tired and dizzy by 11 PM. Then still managed to not fall asleep until around 3 AM (I was definitely wide awake at 2, and my smart bed thing says I didn’t fall asleep until 3 so that seems believable).

I slept pretty okay although I had vivid dreams about unpleasant stuff, as always seems to be the case when my neurochemistry is being tampered with.

Woke up at 8 AM, couldn’t actually peel myself out of bed until half past 9, and I felt wobbly/dizzy/tired all day.

Pain was okay in the morning, but at 2:40 PM or so I had a flareup. It cleared up with a snack, though, and I kinda-sorta managed to get some actual work done, ish.

Went home at 6, had dinner, not sure where the past two hours went but I’m really tired and sleepy right now and also flaring like a matroncopulator, and it’s time for my next dose. Maybe I’ll sleep better/longer tonight and feel better tomorrow.

## Auth security tweak

I’m working on improving some of the https-related security in Authl, in particular making it so that if a site is configured with https, then it’ll only send the security cookie over https. This reduces the chances of a certain kind of possible security issue, but it also means that if you normally access the site with http://beesbuzz.biz instead of https://beesbuzz.biz it’ll show you as being signed out, and if you click the “log in” link it’ll ask you to sign in again even if you were already signed in.

I have a fix for that in mind, but it might cause a potential redirection loop problem in some cases so I’m not going to implement it until I’ve determined the scope of the problem and figured out if I need further workarounds.

Update: Fix is implemented and being tested on this site. Authl and Publ updates pending other folks trying it out.

## So about that AMP-script thing

Two days ago, Google breathlessly announced this amazing new revolution for websites:

Or in other words:

Let’s make a limited subset of the web that guarantees performance! No JavaScript, to keep it lean!

(Two weeks later)

## Novembeat has a website now

For the last few years I’ve participated in a thing called Novembeat, started by my friend Paul. Whenever I tell people about it they’re never sure how to find out more, though, because there’s no website.

So, I finally fixed that.

## Yet another rehash

So, one of the things with the Isso migration is that I finally came up with a better way of handling thread IDs to keep them actually-private. And part of that is the mechanism to rehash them.

Which is good, because I keep on accidentally leaking the dang secret sauce. The first time was when I updated my sample templates with the comment hash generation (and I accidentally left the HMAC key intact), and the second time was when I started building a new Publ-based website and decided to start with my actual app.py as the basis, HMAC key and all, never mind that I later ended up removing about 90% of the beesbuzz.biz custom routes and the Authl config since they’re not actually needed for this site. Yeesh.

Anyway, whatever. Someday I’ll learn my lesson (and maybe I’ll even go so far as to make the HMAC key not even be checked into code!), but today is not that day.

Now Twitter is an option for logging in to this site. See the Authl release announcement for more information on that.

## You can now use IndieAuth to login to this site

I’ve released a new version of Authl that has direct login support for IndieAuth. Also as of v0.1.6 it supports discovery via WebFinger, which should at least have Ryan a lot happier.

If you don’t know what any of the above means, this update probably doesn’t matter to you. 🙃

Just some miscellaneous things that I don’t feel are worth getting their own entries.

• For the last few weeks I’ve been trying only using shampoo on occasion when I feel that my hair is truly dirty, on the theory that hair does a good job of self-regulating its moisture when it’s not being disrupted constantly. I’m finding that my hair is, as such, much more lustrous and also doesn’t tangle as easily. But it still feels greasy all the time.
• Today (Saturday) I finally had the courage to go into Patchwerks and I managed to not completely destroy my wallet or make any regrettable space-chewing purchases. It’s a fun shop, and I played with a bunch of neat things including some modular and semi-modular gear, and I got to nerd out about my SIDstation with the folks who were working there (and one of the other customers talked about his MonoMachine as well). I ended up buying a couple of Pocket Operators, specifically the PO-20 Arcade and the PO-35 Speak. They’re both fun to play with.
• The new Rocko’s Modern Life special (Netflix) was just as frenetic and dissociative as the original show was, but it also had a really good message. Also, yay, positive non-metaphorical trans representation in cartoons!
• She-Ra season 3 (Netflix) was amazing and intense and I watched it all in one sitting. Hopefully Netflix lets this show keep going.
• So is Infinity Train (Cartoon Network), which I watched the first half of. The Cartoon Network app for Apple TV is complete garbage though, especially for serialized content. It’s as if they never even test the thing at all.
• I wonder if HBO Max will be worth it just to get a better CN viewing experience.
• I keep forgetting how badly bulleted lists work for blog posts.
• Huh, HBO Max is going to have a Dune prequel series called “Dune: The Sisterhood,” about the Bene Gesserit presumably in the years leading up to Paul’s birth. Interesting.
• I should have been in bed two hours ago. I wonder if this is why I’m always having fibro flareups these days.
• Oh and I’m back to using my CPAP again. It seems to be helping for now.

## Comments more or less restored

As far as I know, all of the comments have been restored and mechanically updated to work correctly. It’s pretty neat that I actually have comments dating back to 2003, that have survived four separate comment systems! (Movable Type, phpBB, Disqus, and now Isso.) And some of the oldest ones hadn’t been visible for years, since I never got around to migrating them over to my comics section before.

I also now have a script to automatically rehash the thread IDs in case the HMAC key leaks, as it did yesterday when I accidentally forgot to redact it from the sample templates repository, oops. I doubt anyone saw that but now it doesn’t matter if they did.

I do want to make a final migration script to try adding thread nesting to comments which quote other comments. I have a good idea of how to do it but it’s gonna be tricky and since Isso apparently uses oldest-to-newest sort on comments I don’t know how useful it’ll be, anyway. But I like doing that sort of thing.

I also have automated backups of my comment database, as well as having it checked into a git repository so I can do simple checkpointing whenever I do something funky with a migration (and it means I can also run the migration on my local machine instead of having to worry about hecking something up in production). And of course since Isso runs as its own systemd unit I can easily take it down while I’m doing a thing. (If you ever notice my comments completely vanishing for a while, that’s probably what happened. Unfortunately there isn’t any easy way to show a reasonable message when that’s what’s going on.)

So, now I feel a lot more confident in the privacy and longevity of my comments. Which is good because I have a lot more private stuff to talk about. 😛

## More comment migration stuff

Because my original import from phpBB to Disqus got botched, and the Disqus to Isso import lost a bunch of useful information, I ended up just going back to my old phpBB database and reimporting it directly into Isso. It mostly went well but there’s a few things that I need to go back and fix. This is my TODO list:

• Unescape <a href> stuff that got converted to &lt;a href&gt; (example) DONE
• Defunge the weirder bits of BBCode where e.g. [quote] turned into [quote:abcde] so it didn’t get converted to HTML (example) DONE
• Clean up some older comments where I was a lot more accepting of Problematic Things (not gonna link to any but yeah they’re there) done, I think
• If possible, reparent comments based on [quote]s (way easier said than done, I’ll probably have to do that manually)
• Update: generate a new comment secret key and fix the thread IDs, because I made an oops DONE
• Looks like when I did the reimport of phpBB stuff I accidentally removed some of the earliest Disqus-based comments (example, also) so I’ll have to do a bunch of reconciliation for that, fun fun… DONE

Also some of my earliest journal comics had comments posted via Movable Type’s comment system rather than phpBB, so I’ll want to also migrate those over (which I never got around to doing back when I was still using Movable Type to run my website); back then I just had “native” MT comments rendered in the MT template, which was Good Enough and I figured I’d get around to fixing it later. Well, it’s later. And that’s done. Even though I’m up way later than I meant to be. Oops.

Oh, and since I set up monsterid for the default avatars I feel like I should try to track down the email addresses of the folks who were posting to Disqus and fill that stuff in wherever possible.

I promise at some point I’ll get back to blogging about stuff other than the website itself.

## Proper comment privacy! Yay!

Okay, instead of trying to modify Isso to support thread IDs that are separate from page URIs, I ended up leveraging the way that Publ request routing works and just made all thread IDs consist of a /<signature>/<entry_id> path, where <signature> is computed from an HMAC signature on the entry ID and a secret key. So, now the thread ID is only visible to people who have access to the entry in the first place (as long as my signing key never leaks), and the fact that Isso only uses the thread ID when generating a reply email link isn’t a problem.

So, for example, this entry has an entry ID of 4678, and the generated thread ID is (for example) /890824f4d450d4ac/4678, so when someone gets a reply notification the email will say something like:

such-and-such <foo@bar.baz> wrote:

Good point!

which will then redirect back here.

It’s not ideal, of course, but it works well enough.

Of course, to do this I had to migrate all of my thread IDs again, but hopefully this is the last time I’ll have to do that, and it also takes care of all my legacy Movable Type-era thread IDs. It does set a bad precedent that I’ll have to migrate thread IDs more in the future if I ever change my publishing system but the fact I was able to get away with not doing that for so long is a pretty good testament to my laziness, which I ended up having to pay interest on in the future anyway. So, lesson learned.

Also, this approach is even better privacy than what I was hoping to get out of the Disqus method; as it stood before, someone on my friends list (or who saw an Auth: * entry) could have theoretically figured out the way I was determining private thread IDs and used that to explore comments on entries they don’t have access to, and also there was an issue that if I ever took a public entry private, its thread ID would remain the same as when it was public. But this way, it’s unguessable as long as my HMAC key never leaks, and if my HMAC key does leak I can just reset it and regenerate the thread IDs. (Edit from the future: Ha. Haha. Ha hahaha ha haha. Ha.)

This approach is also useful for things other than Publ; my advice to anyone who’s using Isso for comments is that instead of using the actual entry URI as the thread ID, they should have some sort of stable mechanism for forwarding an opaque thread ID to the actual entry, and use that. This just happened to be really easy to implement for Publ since Publ already supports opaque ID chasing.

## Comment integration blues

So, there’s an issue with Isso which will require a bit of refactoring/feature work on Isso, which I’d might as well try to do since I can’t be the only one who needs to decouple their thread IDs from their URLs.

Anyway, this’ll probably mean that I’ll have to redo the comment import at some point, so don’t get too attached to anything you’ve posted so far.

Update: Rather than doing the right thing for now I’ve opted to just use the shortlink as the identifier. This means that future site migrations will be more painful, and also I need to do some more work to migrate in the old comments from older entries, but I guess the idea of a single universal migration path is a bit silly anyway.

## Moving away from Disqus

So, Disqus has served me pretty well for quickly embedding comments into my website, but there are a few pretty big downsides to it:

• No support for private/hidden threads
• No way to disable random discovery of hidden threads, by design
• They’re trying to make the whole Internet into their own forum rather than providing “just” a comment system (not that anyone even uses it the way they intend)
• Their UX keeps getting more and more cumbersome and annoying

I’m going to look into alternative comment systems, ideally ones I can self-host. Isso looks promising, if a bit sparse. So does Schnack. (I’m going to try Isso first because its setup/requirements are far less onerous.)

Anyway, thanks Passerine for bringing the privacy leak issue to my attention. I figured there was probably something like that lurking in the shadows, but I didn’t think it was quite so close to the surface…

## Long transitions

Tonight, my set at Song Fight! Live went really well. There were some rough patches due to the usual nature of the beast but we managed to hold it together and afterwards everyone told me how great it sounded. I’m overall happy with that.

An “interesting” thing has been happening regarding how people deal with my gender stuff lately though.