Music, comics, art, and other stuff, all in one gigantic pile. The web of yesterday, tomorrow!
It’s about time I finally write a timeline of how frustrating HRT has been over the years, because I’m tired of re-explaining it and just want something to point folks to whenever it comes up.
Short version: I have historically been done extremely dirty by the healthcare system when it comes to HRT access.
In every corner of my life right now I cannot seem to escape the increasing fervor of the ongoing debate regarding AI and machine learning in general, where on one side you have people who are completely anti-AI and others who are completely pro-AI, and any point made in opposition to either of these things is seen as a hardline stance that is an attack or something to be corrected.
As with basically everything there is nuance, and a lot of conflicting things that tend to be collapsed down into single talking points, and I am getting caught in the middle. Over the last few days this has reached a fever pitch, and it’s gotten to the point that I feel like I’m constantly on the defense and on the edge of a panic attack.
I’m also very tired, and I want to just write this thing in my own little space where I can get some complete thoughts out before someone jumps down my throat in the middle of a series of posts. I’m not sure that this will have any real positive effect, but maybe a public rumination will help me work through the latest panic attack that woke me up after a particularly emotionally-draining day.
human.json protocol
.well-known
Code
There is a growing trend for new protocols to express themselves in the form of a well-known URI. It’s seen as an easy place to stash something where other interoperable software might want to probe for protocol support, as an improvement to the old ad-hoc behavior of things like robots.txt and favicon.ico and the like.
I am not personally a fan of it, for a few reasons.
These days I have quite a lot of ambition but not enough energy to execute on it. I’m trying, though.
It’s okay to not feel okay, especially when your hormones have been out of whack for months and healthcare is slow to try to help you with it.
It’s been nearly a week since I removed Cloudflare from my sites. As a quick followup, I did get a slight surge in traffic that lasted for a day or so after a bunch of bots' DNS caches expired, but they seem to have all given up after the Cloudflare “managed challenge” interstitial turned into an HTTP 401 error for them.
In reply to: Multiple in-reply-to links
Yeah I was trying to do something somewhat like Salmention since the context was specifically replying to two posts. I wouldn’t normally have done that, as you can probably tell by the weird UX on my site that resulted.
In reply to: re: Private posts on the open web
In reply to: re: Private posts on the open web
I have had private posts on the open web for quite some time, and this has been one of my personal bugbears in IndieWeb for as long as I’ve been participating.
My site uses an authentication layer, Authl, which allows people to sign in with a bunch of different identity providers, including IndieAuth, Fediverse (specifically tested with Mastodon and Pleroma but it should work with anything that supports the Mastodon client protocol), and emailed links. (It also used to support Twitter, but, y'know. And I’ve wanted to add support for bsky but its third-party client UX isn’t amenable to using it as basic SSO, but hopefully that changes when they refine their scopes better.) If someone signs in, or provides a bearer token to their feed reader, then they will be able to see private posts.
The other thing is I’ve been pushing for TicketAuth as well, although I haven’t kept up with the latest protocol changes and I’m kind of lost when it comes to playing catch-up. The use case for this is to better support feed readers; the basic idea is that there’s an unattended mechanism for a bearer token to be provided to someone’s feed reader, which can then use that bearer token in order to subscribe to posts and then those show up in full to the reader.
But since nobody actually supports it so far as I can tell (and if they were to start supporting it, it’d be based on the latest spec which I am definitely not complying with), I also have my feed set to show an anonymous stub entry for people who aren’t logged in. It provides minimal information beyond a shortlink that will redirect to the entry itself, and a sanitized title that’s just the first letter of each word in the title so that people have some clue as to whether they’ve seen it already. For example, the privacy title of this post would be “rPpotow.”
Also, for people who aren’t signed in, if there is a private entry which might become visible to them if they are authorized, a small notice appears on the top of the page to that effect. For example, if you aren’t signed in to my site, this page should show such a notice.
This gives me a pretty good balance of privacy and security. Content is only ever visible to people who are actually signed in, and people are notified about the potential for additional content if they sign in, without leaking information about the nature of that content.
Incidentally, this is stuff I had designed Publ for from the beginning, specifically from my experiences with hacking private posts into my old MovableType blog and needing to vent in private in a centralized way. I also make use of the login system for other stuff, like the anti-AI-scraping measures and the Novembeat submissions page, and I plan to eventually add things like comment system and a few other things.