Authl update → login reset

Comments

I made a change to Authl which more or less necessitated resetting everyone’s login.

I mean, it only really necessitated resetting the logins of folks who sign in via Twitter, but the way Publ authentication works (or at least the way I have it set up on my site) means I can’t reset just an individual session.

Also it didn’t really require a full login reset but it would have been confusing for some folks for some amount of time, so I figured better safe than sorry. “Oops I need to log in again” is a lot less difficult to deal with than “it says I’m logged in, did fluffy remove me from their friends list or something? what did i do wrong :( :( :(”

This also means that all bearer tokens have been reset, so if you were doing something with those you’ll need to generate a new one (either from your profile or via TicketAuth). Of course you automatically get a TicketAuth grant when you sign in anyway, so if you’re using TicketAuth I guess there’s nothing extra you need to do to begin with.

Update: haha I forgot to actually push this entry until like 4 days later oops. well okay have an explanation if you were wondering

PSA regarding quotes in isso

Comments

After my recent isso updates, I found that double-quotes had disappeared from most peoples' comments, and it was really weird and I couldn’t figure out why.

Anyway, long story short, it turns out that something changed to cause the EXT_QUOTE support to start converting "s into <q>s, and isso’s HTML sanitizer (which runs after Markdown conversion) isn’t configured to allow that as an HTML element. (Or maybe this was happening all along and I just didn’t notice until now! Nothing in Misaka has changed in that time so I probably just never noticed.)

The fix is to either remove quote from options or add q to allowed-elements in the [markup] section of the isso config file. For example, here’s that section of mine:

beesbuzz.biz.cfg
[markup]
options=strikethrough, autolink, fenced-code, no-intra-emphasis, superscript, highlight, quote, tables
allowed-elements=mark, sup, sub, q

On a related note, don’t enable EXT_QUOTE on Publ if you want quotes to be able to appear in auto-generated entry summaries and the like. (I suppose I should change Publ to always override the Markdown extension configuration where it makes sense…)

Isso comment privacy update

Comments

So the reason for my recent mini-rantle was that I found a hidden API in isso that would have made it pretty easy for folks to trivially scrape every comment on my website, including ones on private entries.

Fortunately the fix was really simple and it’s what I have deployed on my site right now.

Read more…

So, comments were broken

Comments

So hey, I thought it was weird that nobody had been posting comments on my blog in a while. Turns out comments were just, like, broken, and nobody told me, for some reason.

The problem turned out to be that Isso currently doesn’t work on Python 3.8 (or at least, the current released version, which is ridiculously outdated, doesn’t), and it was easy to roll it back to Python 3.7, thanks to poetry’s pyenv integration. So, score another one for poetry.

But why don’t people actually tell me when they’re having problems with my site? Do people just assume that if something’s broken it’s broken on purpose? Because I mean… no?

Anyway, comments are fixed now.

Read more…

Template refactoring

Comments

I’ve done a bunch of refactoring/simplification on my website templates. I think everything still works but if you see something funky, please let me know.

There’s also a lot more I need to fix, especially redoing the CSS to be cleaner and on the comics subsection (which has an entirely different set of templates that aren’t built on HTML5 semantic containers at all), but that can definitely wait.

(I also really want to redo novembeat at some point since I have a better idea of how to structure it now, but that also will wait.)

Server rebuild status

Comments

So the nice thing about cleansing fire is it makes me realize that I had a lot of websites that I didn’t really need to keep going, just because I, like, never touch any of them or they’re just for fun.

For example, I was the only user of Reminder Me, and I’ve been moving all of my chore reminders over to the iOS Reminders app anyway, now that it does a better job of it than my crappy little RSS “app.” Given that it was one of the first Python things I wrote (and was a Python CGI, no less) and I’d been planning on rewriting it entirely if I decided I needed it anymore anyway, it doesn’t seem like it’s worth the effort of getting it working with nginx. Plus, it was on Python 2, which is a major pain to even deploy anymore.

It was fun having a “band” website but I hadn’t substantially updated it since the release of Refactor back in 2015. So, I’ll just make it redirect to my bandcamp. I’ll probably want to get my static large-file storage bit up separately though.

Similarly, I don’t really see any point in putting my professional audio portfolio back online at this time; it was woefully outdated and never got a lot of traffic from people looking for what I was offering anyway. So, meh to that one.

I was hosting a couple of small websites for my parents and another for a friend, and I unfortunately didn’t think to back them up in advance. It would have made my life a lot easier if I’d not been going so impulsively. Impulse control, what even is it? Anyway, hopefully all that content still exists elsewhere.

Mostly I’m just noticing just how many heckin' domains I have and how pointless most of them are. Especially now that most browsers don’t allow emoji domains anymore.

Whoops

Comments

The plus side of using sqlite for everything: all my site data is just stored in files that are easy to recover!

The minus side of using sqlite for everything: way too easy to clobber newer content while incrementally restoring backups.

Well that blew up…

Comments

So, I found out that my wildcard SSL certificates weren’t being renewed, which in turn was because certbot needed to be able to edit DNS records in order to do so. In investigating that I found that I couldn’t install the latest version of certbot and its Linode plugin, which led me to discover that my server was actually running the i386 ubuntu core with amd64 grafted onto it, instead of being actual amd64, which was in turn because this server had been provisioned years ago and i386 was the supported configuration.

So I went through the exercise of trying to switch over to amd64, found that the best path forward was to back up all my data (which was already done since I keep incremental backups every night) and just reimage. Which seemed like a pain. But the alternative for a more graceful transition was to set up a new VPS, migrate stuff across, and then decommission the old VPS, which would have also been a pain.

So anyway I decided that since my server was still basically running 32-bit and would be stuck there forever if I didn’t rip off the band-aid, I’d rip off the band-aid.

While I was at it, I’d been meaning to switch to nginx for years, and this was a good enough excuse as any.

Read more…