## IndieWeb Summit day 2: Authl finally gets some love

One of the biggest bits of functionality I want to get in the next milestone for Publ is private posts. Doing private posts requires some way of determining the identity of the person who is reading the site. There are a lot of mechanisms to choose from. Most of them are largely incompatible with one another, and there isn’t any single mechanism that checks all my boxes. And of course the standards keep on shifting, and keep on getting a new unifying standard that will fix everything.

So, IndieLogin is a really great way to get started with IndieWeb authentication for people who are in the IndieWeb ecosystem. If you have your own website on your own domain name and an account on one of its connected RelMeAuth providers, it covers everything. But not everyone who I want to grant stuff to has their own website, or the ability to set one up. Siloed OAuth is still useful. And being able to log in via email address is also beneficial.

## IndieWeb Summit 2019, day 1

First day of #IndieWeb Summit, scattered notes that I take as they come. Hopefully I don’t end up misrepresenting things too badly.

David Yates wrote a great defense of RSS which I completely agree with. To summarize the salient points:

• RSS is very well-supported by a lot of things
• RSS is a suitable name as shorthand for “RSS/Atom” because the name “Atom” is overloaded and basically anything that supports Atom also supports RSS and vice-versa

(Note that there’s one inaccuracy in that since that article was written, Twitter has moved over to algorithmic manipulation of the timeline. This can currently be disabled but who knows how long that’ll last?)

Most IndieWeb folks are also really gung-ho about mf2 and h-feed, and while I don’t see any reason not to support it (and it certainly does have some advantages in terms of it being easier to integrate into a system that isn’t feed-aware or convenient to set up multiple templates), I’ve run into plenty of pitfalls when it comes to actually adding mf2 markup to my own site (for example, having to deal with ambiguities with nesting stuff and dealing with below-the-fold content, not to mention a lot of confusion over things like p-summary vs. e-content), and so far there doesn’t seem to be any real advantage to doing so since everything that supports h-feed also supports RSS/Atom, as far as I’m aware.

For me the only obvious advantage to h-feed is that you can add it to one-size-fits-none templating systems like Tumblr where you don’t have any control over the provided RSS feed, but in those situations there’s not really a lot more added flexibility you’re going to get by adding h-feed markup anyway. I guess it also makes sense if you’re hand-authoring your static site, but that just means it becomes even easier to get things catastrophically wrong.

## Keeping it personal

I just read this great essay by Matthias Ott. It does a great job of summarizing the state of affairs of blogging and social media, and how we can try to escape the current orbit to get back to where the web was meant to be.

I especially like the bit about “Don’t do it like me. Do it like you.” Because that is exactly why I’ve been building Publ the way I have; I have specific goals in mind for how I manage, maintain, and organize my site, and these goals are very different than what other existing blogging and site-management software has in mind. The fact that I post so many different kinds of content and that they need different organizational structures to make sense makes this a somewhat unique problem. I’d like to think that Publ is a very general piece of web-publishing software, but it’s probably so general because I have such specific needs. Which makes for an interesting paradox, I suppose.

I guess what I’m saying is that I want to see more types of web-based publishing where the schema and layout fit the content, not the other way around. But it also needs to be able to interoperate with other stuff, while still making sense from a producer-consumer UX perspective.

## IndieWeb Summit 2019

RSVP: yes

I believe that I will go to the 2019 IndieWeb summit. It’s in nearby Portland in about a month. It’d be nice to talk to folks in person about IndieWeb stuff and maybe get more eyes on Publ, in particular.

## Reblob!

It’s been a while since I’ve worked on IndieWeb stuff, but I finally got around to releasing an extremely preliminary version of reblob, a little commandline thingus to make this stuff easier. Eventually I’ll also have a server-based version here, at least as an example.

Of course this is the first entry I’ve written actually using it. Lots of rough edges but whatever!

## Medium tedium

Repost: https://micro.coyotetracks.org/2019/04/13/medium-thinks-its.html

Watts Martin writes:

There’s a lot of reasons people are down on Medium, Ev Williams' ongoing whatever-the-hell-it-is. It’s a platform! It’s a publication! It’s a platform for publications! It’s a clean, clutter-free reading experience, except for all the clutter!

There have been a few great stories written about this; my favorites are reporter Laura Hazard Owen’s “The long, complicated, and extremely frustrating history of Medium” and acerbic typographer Matthew Butterick’s “The Billionaire’s Typewriter.” (He occasionally updates this, most recently linking to Owen’s article.) Butterick critiques Medium’s design from an ethical standpoint, which turns out to be bang on point with Medium’s ultimate underlying problem:

Medium thinks it’s a brand.

The rest of the entry is very much worth reading, and is a great description of all the things I hate about Medium and why I wrote Publ and insist on hosting my own blog instead. And I’m sure is why there are so many other self-hosted blog engines available and getting stronger these days.

In response to my tagging announcement, Marty McGuire writes:

This could be a use case for tag-reply posts!

Brid.gy supports this for tagging people in Flickr posts, as well as adding labels to GitHub issues.

(wow I really have got to write some sort of reply-to post importer… hand-converting that to Markdown was way more work than it should have been!)

I’m not quite sure I understand the use case that’s being called for, here. Publ tags are “tags” in the Tumblr sense, where they’re used to filter and organize posts, like being able to limit things to rants or whatever; I get the feeling that this is confusion over multiple uses of the word “tag,” like how on Twitter/Facebook/Flickr/etc. “tagging” means signaling to someone that they should read a post (akin to “Tag! You’re it!”). Think Technorati tags from way back when, or Atom categories, which are most akin to hashtags on Twitter and Facebook.

I think a tag-as-in-notification thing would be implemented in Publ the same way I implement in-reply-to and so on – I have a corresponding header in the entry file and my template generates an invisible <a class="u-in-reply-to" href="..."> in the post body. The relevant bit in my entry template is:

{% for type in ('like-of', 'in-reply-to', 'repost-of', 'bookmark-of', 'mention-of', 'rsvp') %}
{% for link in entry.get_all(type) %}
{% endfor %}
{% endfor %}


So in that sense Publ already supports that at the template level; I can simply add tag-of to the list of microformat types. Or am I completely misunderstanding what is being suggested?

## So what is Subl, anyway?

So I’ve been talking about distributed social stuff a lot lately, especially Publ (my publishing engine, which runs this site, in case you are new here), and also ecosystem stuff for things like private entries and other things that have been pinging around in my head for a while.

A thing I keep on mentioning is Subl, but generally only talking about it tangentially without actually going into detail with what it even is. So, I guess I should talk about that at some point.

## The authenticated Atom musings continue

Now that I’ve had a chance to think about this more than what was afforded by a quick response fired off between songs at a karaoke bar, I feel like expanding more on the details that I’d only implied (and probably badly) from the previous post. So, here’s how I think things could look.

## Federated access control with Atom and WebSub

I’ve been ranting about ActivityPub vs. RSS/Atom a lot lately, and I think I’ve proven to myself (and maybe a few others) that for fully-public content feeds, Atom (combined with WebSub and WebMention) is superior to ActivityPub; it’s simpler to implement, works with many more hosting environments and configurations, it generally scales better (and handles scaling failures better), and it’s modular and allows for much eaiser migrations between hosting setups and so on.

But one thing ActivityPub supports which Atom does not is the notion of private content. The way it does support this is a bit hamfisted (in that ActivityPub publishers choose to only push content to endpoints which have a trusted user, and endpoints only forward that content over to the trusted users, albeit in a not-very-trustable way). It doesn’t inherently support the ability to backfill older content (or make it otherwise browseable) to someone who is granted friends-only access after-the-fact, though, and it has many scaling and security implications in how this works (since it requires push to be reliable and requires the recipient’s storage of said push notifications to also be reliable).

I’ve put a lot of thought into how to add friends-only stuff to Atom on and off over the years; my previous blog (which used Movable Type for publishing and phpBB for comments) actually had an ad-hoc implementation which worked sort of okay; people could authenticate with my site’s forum, and people in a trusted friend group would see private content. On the public feed, if their reader were logged into the forum (via cookie sharing etc.) it would see the private content in the feed, otherwise it would see placeholders saying “THis is a friends-only entry, please visit the site to read it.” It worked okay but it was never great.

Anyway, I think I have finally come up with an auth approach that works with Atom and offers a… well, least-bad solution all around, which scales better and more reliably than ActivityPub while working with WebSub and existing/legacy feed readers.