busybee fluffy rambles

So, yesterday I finally got my prescription for gabapentin/Neurontin, as another attempt at managing my fibro symptoms. Took my first dose at 9 PM, and felt very tired and dizzy by 11 PM. Then still managed to not fall asleep until around 3 AM (I was definitely wide awake at 2, and my smart bed thing says I didn’t fall asleep until 3 so that seems believable).

I slept pretty okay although I had vivid dreams about unpleasant stuff, as always seems to be the case when my neurochemistry is being tampered with.

Woke up at 8 AM, couldn’t actually peel myself out of bed until half past 9, and I felt wobbly/dizzy/tired all day.

Pain was okay in the morning, but at 2:40 PM or so I had a flareup. It cleared up with a snack, though, and I kinda-sorta managed to get some actual work done, ish.

Went home at 6, had dinner, not sure where the past two hours went but I’m really tired and sleepy right now and also flaring like a matroncopulator, and it’s time for my next dose. Maybe I’ll sleep better/longer tonight and feel better tomorrow.

I’m working on improving some of the https-related security in Authl, in particular making it so that if a site is configured with https, then it’ll only send the security cookie over https. This reduces the chances of a certain kind of possible security issue, but it also means that if you normally access the site with http://beesbuzz.biz instead of https://beesbuzz.biz it’ll show you as being signed out, and if you click the “log in” link it’ll ask you to sign in again even if you were already signed in.

I have a fix for that in mind, but it might cause a potential redirection loop problem in some cases so I’m not going to implement it until I’ve determined the scope of the problem and figured out if I need further workarounds.

Update: Fix is implemented and being tested on this site. Authl and Publ updates pending other folks trying it out.

For the last few years I’ve participated in a thing called Novembeat, started by my friend Paul. Whenever I tell people about it they’re never sure how to find out more, though, because there’s no website.

So, I finally fixed that.

I’m seeing what happens when I generate a webmention to a protocol-relative URL.

Also seeing if webmention.io preserves fragments.

So, one of the things with the Isso migration is that I finally came up with a better way of handling thread IDs to keep them actually-private. And part of that is the mechanism to rehash them.

Which is good, because I keep on accidentally leaking the dang secret sauce. The first time was when I updated my sample templates with the comment hash generation (and I accidentally left the HMAC key intact), and the second time was when I started building a new Publ-based website and decided to start with my actual app.py as the basis, HMAC key and all, never mind that I later ended up removing about 90% of the beesbuzz.biz custom routes and the Authl config since they’re not actually needed for this site. Yeesh.

Anyway, whatever. Someday I’ll learn my lesson (and maybe I’ll even go so far as to make the HMAC key not even be checked into code!), but today is not that day.

Now Twitter is an option for logging in to this site. See the Authl release announcement for more information on that.

I’ve released a new version of Authl that has direct login support for IndieAuth. Also as of v0.1.6 it supports discovery via WebFinger, which should at least have Ryan a lot happier.

If you don’t know what any of the above means, this update probably doesn’t matter to you. 🙃