Authl update → login reset

I made a change to Authl which more or less necessitated resetting everyone’s login.

I mean, it only really necessitated resetting the logins of folks who sign in via Twitter, but the way Publ authentication works (or at least the way I have it set up on my site) means I can’t reset just an individual session.

Also it didn’t really require a full login reset but it would have been confusing for some folks for some amount of time, so I figured better safe than sorry. “Oops I need to log in again” is a lot less difficult to deal with than “it says I’m logged in, did fluffy remove me from their friends list or something? what did i do wrong :( :( :(”

This also means that all bearer tokens have been reset, so if you were doing something with those you’ll need to generate a new one (either from your profile or via TicketAuth). Of course you automatically get a TicketAuth grant when you sign in anyway, so if you’re using TicketAuth I guess there’s nothing extra you need to do to begin with.

Update: haha I forgot to actually push this entry until like 4 days later oops. well okay have an explanation if you were wondering

PSA regarding quotes in isso

After my recent isso updates, I found that double-quotes had disappeared from most peoples' comments, and it was really weird and I couldn’t figure out why.

Anyway, long story short, it turns out that something changed to cause the EXT_QUOTE support to start converting "s into <q>s, and isso’s HTML sanitizer (which runs after Markdown conversion) isn’t configured to allow that as an HTML element. (Or maybe this was happening all along and I just didn’t notice until now! Nothing in Misaka has changed in that time so I probably just never noticed.)

The fix is to either remove quote from options or add q to allowed-elements in the [markup] section of the isso config file. For example, here’s that section of mine:

beesbuzz.biz.cfg
[markup]
options=strikethrough, autolink, fenced-code, no-intra-emphasis, superscript, highlight, quote, tables
allowed-elements=mark, sup, sub, q

On a related note, don’t enable EXT_QUOTE on Publ if you want quotes to be able to appear in auto-generated entry summaries and the like. (I suppose I should change Publ to always override the Markdown extension configuration where it makes sense…)

Isso comment privacy update

So the reason for my recent mini-rantle was that I found a hidden API in isso that would have made it pretty easy for folks to trivially scrape every comment on my website, including ones on private entries.

Fortunately the fix was really simple and it’s what I have deployed on my site right now.

Read more…

So, comments were broken

So hey, I thought it was weird that nobody had been posting comments on my blog in a while. Turns out comments were just, like, broken, and nobody told me, for some reason.

The problem turned out to be that Isso currently doesn’t work on Python 3.8 (or at least, the current released version, which is ridiculously outdated, doesn’t), and it was easy to roll it back to Python 3.7, thanks to poetry’s pyenv integration. So, score another one for poetry.

But why don’t people actually tell me when they’re having problems with my site? Do people just assume that if something’s broken it’s broken on purpose? Because I mean… no?

Anyway, comments are fixed now.

Read more…

Template refactoring

I’ve done a bunch of refactoring/simplification on my website templates. I think everything still works but if you see something funky, please let me know.

There’s also a lot more I need to fix, especially redoing the CSS to be cleaner and on the comics subsection (which has an entirely different set of templates that aren’t built on HTML5 semantic containers at all), but that can definitely wait.

(I also really want to redo novembeat at some point since I have a better idea of how to structure it now, but that also will wait.)

Server rebuild status

So the nice thing about cleansing fire is it makes me realize that I had a lot of websites that I didn’t really need to keep going, just because I, like, never touch any of them or they’re just for fun.

For example, I was the only user of Reminder Me, and I’ve been moving all of my chore reminders over to the iOS Reminders app anyway, now that it does a better job of it than my crappy little RSS “app.” Given that it was one of the first Python things I wrote (and was a Python CGI, no less) and I’d been planning on rewriting it entirely if I decided I needed it anymore anyway, it doesn’t seem like it’s worth the effort of getting it working with nginx. Plus, it was on Python 2, which is a major pain to even deploy anymore.

It was fun having a “band” website but I hadn’t substantially updated it since the release of Refactor back in 2015. So, I’ll just make it redirect to my bandcamp. I’ll probably want to get my static large-file storage bit up separately though.

Similarly, I don’t really see any point in putting my professional audio portfolio back online at this time; it was woefully outdated and never got a lot of traffic from people looking for what I was offering anyway. So, meh to that one.

I was hosting a couple of small websites for my parents and another for a friend, and I unfortunately didn’t think to back them up in advance. It would have made my life a lot easier if I’d not been going so impulsively. Impulse control, what even is it? Anyway, hopefully all that content still exists elsewhere.

Mostly I’m just noticing just how many heckin' domains I have and how pointless most of them are. Especially now that most browsers don’t allow emoji domains anymore.

Whoops

The plus side of using sqlite for everything: all my site data is just stored in files that are easy to recover!

The minus side of using sqlite for everything: way too easy to clobber newer content while incrementally restoring backups.

Well that blew up…

So, I found out that my wildcard SSL certificates weren’t being renewed, which in turn was because certbot needed to be able to edit DNS records in order to do so. In investigating that I found that I couldn’t install the latest version of certbot and its Linode plugin, which led me to discover that my server was actually running the i386 ubuntu core with amd64 grafted onto it, instead of being actual amd64, which was in turn because this server had been provisioned years ago and i386 was the supported configuration.

So I went through the exercise of trying to switch over to amd64, found that the best path forward was to back up all my data (which was already done since I keep incremental backups every night) and just reimage. Which seemed like a pain. But the alternative for a more graceful transition was to set up a new VPS, migrate stuff across, and then decommission the old VPS, which would have also been a pain.

So anyway I decided that since my server was still basically running 32-bit and would be stuck there forever if I didn’t rip off the band-aid, I’d rip off the band-aid.

While I was at it, I’d been meaning to switch to nginx for years, and this was a good enough excuse as any.

Read more…

Disabled dark mode for now

Ugh, I really want to support dark mode (it’s a big accessibility win!) but right now my stylesheets are such a mess and Isso does a couple of aggravating things that makes it hard to correctly do dark mode themes. Namely that it provides its own inline stylesheet that is difficult to override correctly (without just throwing the whole thing out and remaking it from the ground up).

I wish more things used CSS variables by default – they’re very well-supported now and make it a lot easier to reason around themes. One of these days I’m going to get around to redoing all my stylesheets and use them for all colors and probably for most of my sizing.

New store page

I finally got around to making a better store page. It’s still not great but it’s better than just linking to either my Threadless or Storenvy or whatever, and I’ll be able to backfill a bunch more of my items into it eventually.

There’s a lot of stuff I’d like to change of course, but this at least gives me a hook to setting up my own PayPal/Stripe/etc. cart as well.

Anyway I’m glad that Publ is in a state where it’s gotten easier and easier for me to make new sites from scratch with it. And I also released a new version of Publ with some shiny new features.

Gah

Why didn’t anyone tell me that the previous blog post was posted as a very-broken comics post

Some template changes

I’ve changed my site templates a bit more, to make CWs work a bit better. In particular, now entries which have a CW will also hide the text behind a <details> on the page (for example), and similarly I’ve hidden CWed images on individual comic pages (for example). Comic images will also (finally!) be blurred in the OpenGraph tags, as well, after one too many “oops"es when posting links to Slack demonstrating how my CWs work.

I’ve also improved compatibility with Bridgy Fed and with the way that webmention microformats are supposed to work in the first place, per a conversation in which I learned that I wasn’t actually using reply types correctly. (You may have noticed a bunch more micro-posts on the chatter section as a result of me fixing this as well. I also need to finally implement a thing so I can properly filter that stuff out of the little "latest posts” box on the main page!)

The sample templates repository has been updated, accordingly.

As always, thanks to the various IndieWeb folks, especially Ryan and Kevin for setting me straight on this issue.

Edit: It didn’t take me very long to implement the Publ feature change. I went ahead and cleaned up a bunch of query generator code while I was at it. Also I think I found a bug in PonyORM. Nope, I think I was just being hopelessly optimistic about a thing.

Auth security tweak

I’m working on improving some of the https-related security in Authl, in particular making it so that if a site is configured with https, then it’ll only send the security cookie over https. This reduces the chances of a certain kind of possible security issue, but it also means that if you normally access the site with http://beesbuzz.biz instead of https://beesbuzz.biz it’ll show you as being signed out, and if you click the “log in” link it’ll ask you to sign in again even if you were already signed in.

I have a fix for that in mind, but it might cause a potential redirection loop problem in some cases so I’m not going to implement it until I’ve determined the scope of the problem and figured out if I need further workarounds.

Update: Fix is implemented and being tested on this site. Authl and Publ updates pending other folks trying it out.

Yet another rehash

So, one of the things with the Isso migration is that I finally came up with a better way of handling thread IDs to keep them actually-private. And part of that is the mechanism to rehash them.

Which is good, because I keep on accidentally leaking the dang secret sauce. The first time was when I updated my sample templates with the comment hash generation (and I accidentally left the HMAC key intact), and the second time was when I started building a new Publ-based website and decided to start with my actual app.py as the basis, HMAC key and all, never mind that I later ended up removing about 90% of the beesbuzz.biz custom routes and the Authl config since they’re not actually needed for this site. Yeesh.

Anyway, whatever. Someday I’ll learn my lesson (and maybe I’ll even go so far as to make the HMAC key not even be checked into code!), but today is not that day.

You can now use IndieAuth to login to this site

I’ve released a new version of Authl that has direct login support for IndieAuth. Also as of v0.1.6 it supports discovery via WebFinger, which should at least have Ryan a lot happier.

If you don’t know what any of the above means, this update probably doesn’t matter to you. 🙃

Comments more or less restored

As far as I know, all of the comments have been restored and mechanically updated to work correctly. It’s pretty neat that I actually have comments dating back to 2003, that have survived four separate comment systems! (Movable Type, phpBB, Disqus, and now Isso.) And some of the oldest ones hadn’t been visible for years, since I never got around to migrating them over to my comics section before.

I also now have a script to automatically rehash the thread IDs in case the HMAC key leaks, as it did yesterday when I accidentally forgot to redact it from the sample templates repository, oops. I doubt anyone saw that but now it doesn’t matter if they did.

I do want to make a final migration script to try adding thread nesting to comments which quote other comments. I have a good idea of how to do it but it’s gonna be tricky and since Isso apparently uses oldest-to-newest sort on comments I don’t know how useful it’ll be, anyway. But I like doing that sort of thing.

I also have automated backups of my comment database, as well as having it checked into a git repository so I can do simple checkpointing whenever I do something funky with a migration (and it means I can also run the migration on my local machine instead of having to worry about hecking something up in production). And of course since Isso runs as its own systemd unit I can easily take it down while I’m doing a thing. (If you ever notice my comments completely vanishing for a while, that’s probably what happened. Unfortunately there isn’t any easy way to show a reasonable message when that’s what’s going on.)

So, now I feel a lot more confident in the privacy and longevity of my comments. Which is good because I have a lot more private stuff to talk about. 😛

More comment migration stuff

Because my original import from phpBB to Disqus got botched, and the Disqus to Isso import lost a bunch of useful information, I ended up just going back to my old phpBB database and reimporting it directly into Isso. It mostly went well but there’s a few things that I need to go back and fix. This is my TODO list:

  • Unescape <a href> stuff that got converted to &lt;a href&gt; (example) DONE
  • Defunge the weirder bits of BBCode where e.g. [quote] turned into [quote:abcde] so it didn’t get converted to HTML (example) DONE
  • Clean up some older comments where I was a lot more accepting of Problematic Things (not gonna link to any but yeah they’re there) done, I think
  • If possible, reparent comments based on [quote]s (way easier said than done, I’ll probably have to do that manually)
  • Update: generate a new comment secret key and fix the thread IDs, because I made an oops DONE
  • Looks like when I did the reimport of phpBB stuff I accidentally removed some of the earliest Disqus-based comments (example, also) so I’ll have to do a bunch of reconciliation for that, fun fun… DONE

Also some of my earliest journal comics had comments posted via Movable Type’s comment system rather than phpBB, so I’ll want to also migrate those over (which I never got around to doing back when I was still using Movable Type to run my website); back then I just had “native” MT comments rendered in the MT template, which was Good Enough and I figured I’d get around to fixing it later. Well, it’s later. And that’s done. Even though I’m up way later than I meant to be. Oops.

Oh, and since I set up monsterid for the default avatars I feel like I should try to track down the email addresses of the folks who were posting to Disqus and fill that stuff in wherever possible.

I promise at some point I’ll get back to blogging about stuff other than the website itself.

Proper comment privacy! Yay!

Okay, instead of trying to modify Isso to support thread IDs that are separate from page URIs, I ended up leveraging the way that Publ request routing works and just made all thread IDs consist of a /<signature>/<entry_id> path, where <signature> is computed from an HMAC signature on the entry ID and a secret key. So, now the thread ID is only visible to people who have access to the entry in the first place (as long as my signing key never leaks), and the fact that Isso only uses the thread ID when generating a reply email link isn’t a problem.

So, for example, this entry has an entry ID of 4678, and the generated thread ID is (for example) /890824f4d450d4ac/4678, so when someone gets a reply notification the email will say something like:

such-and-such <foo@bar.baz> wrote:

Good point!

Link to comment: http://beesbuzz.biz/890824f4d450d4ac/4678

which will then redirect back here.

It’s not ideal, of course, but it works well enough.

Of course, to do this I had to migrate all of my thread IDs again, but hopefully this is the last time I’ll have to do that, and it also takes care of all my legacy Movable Type-era thread IDs. It does set a bad precedent that I’ll have to migrate thread IDs more in the future if I ever change my publishing system but the fact I was able to get away with not doing that for so long is a pretty good testament to my laziness, which I ended up having to pay interest on in the future anyway. So, lesson learned.

Also, this approach is even better privacy than what I was hoping to get out of the Disqus method; as it stood before, someone on my friends list (or who saw an Auth: * entry) could have theoretically figured out the way I was determining private thread IDs and used that to explore comments on entries they don’t have access to, and also there was an issue that if I ever took a public entry private, its thread ID would remain the same as when it was public. But this way, it’s unguessable as long as my HMAC key never leaks, and if my HMAC key does leak I can just reset it and regenerate the thread IDs. (Edit from the future: Ha. Haha. Ha hahaha ha haha. Ha.)

This approach is also useful for things other than Publ; my advice to anyone who’s using Isso for comments is that instead of using the actual entry URI as the thread ID, they should have some sort of stable mechanism for forwarding an opaque thread ID to the actual entry, and use that. This just happened to be really easy to implement for Publ since Publ already supports opaque ID chasing.

Read more…