So, one of the things with the Isso migration is that I finally came up with a better way of handling thread IDs to keep them actually-private. And part of that is the mechanism to rehash them.
Which is good, because I keep on accidentally leaking the dang secret sauce. The first time was when I updated my sample templates with the comment hash generation (and I accidentally left the HMAC key intact), and the second time was when I started building a new Publ-based website and decided to start with my actual
app.py as the basis, HMAC key and all, never mind that I later ended up removing about 90% of the beesbuzz.biz custom routes and the Authl config since they’re not actually needed for this site. Yeesh.
Anyway, whatever. Someday I’ll learn my lesson (and maybe I’ll even go so far as to make the HMAC key not even be checked into code!), but today is not that day.