💬 Re: Private Comments, or Why I’m Down On Webmentions Notes


In reply to: Haven Blog: Private Comments, or Why I’m Down On Webmentions

This article raises some good points, but there’s another reason I’m not all-in on Webmention: comments on private posts.

Post privacy is incredibly important to me, and supporting webmention on a privacy-post context requires that the comment (and notification thereof) be visible to the receiver’s endpoint, without it being visible to the world at large. This is okay with “unguessable” private URLs, but if you are doing a login-requred thing you start running into issues where you have to either let endpoints through to see the data (which means that any bad actor could also do the same), or you need the endpoints to support the authentication protocols (via e.g. AutoAuth or TicketAuth), and given how difficult those have been to get any meaningful adoption, I’m not terribly optimistic about that changing any time soon, especially with how many people farm their webmentions out to webmention.io which isn’t really in the business of managing things like authentication tokens.

But also, if you live in a world of webmentions for replies, that also greatly increases the chances that someone’s reply will be accidentally posted in public. I already see enough issues where friends will reply to my unauthenticated “stub” entries on Mastodon, rather than posting native comments onto my blog.

The more I get annoyed with Internet comment mechanisms, the more I think that email really is the way.

🔄 Reading blogs - anywhere but Feedly Notes


Reposted: Reading blogs - anywhere but Feedly

I removed Feedly from my Get Blogging resource for people who want to read and write blogs.

If you’d like to read blogs, there are some great other feed readers recommended in the list. I start every morning with Reeder and NewsBlur.

Molly White has written a great summary of why I can’t endorse Feedly anymore:

In a world of widespread, suspicionless surveillance of protests by law enforcement and other government entities, and of massive corporate union-busting and suppression of worker organizing, Feedly decided they should build a tool for the corporations, cops, and unionbusters.

I cannot support union-busting in any form, and it’s very disappointing to see a tool like Feedly attempt to capitalize on corporations who would like to engage in this activity. So it’s gone from the list, and I’d like to suggest: while they offer this product and cater to this market, please don’t use Feedly.

Personally I’m still a fan of self-hosting Feed on Feeds, which is pretty straightforward to do if you have even basic PHP webhosting. It isn’t the fanciest thing but it’s reliable and won’t sell your data to others, and it’s got the exact UX I want in a reader app (YMMV of course).

So long, Twitter API, and thanks for all the fish


Quoted: So long, Twitter API, and thanks for all the fish

Ryan writes:

Right now, Bridgy uses a free tier of Twitter’s API, equivalent to what many other major social networks offer. By April 29th, this free tier will disappear. If I want to read tweets, my options will be a $100/mo plan with a quota of 10k tweets/mo, roughly .1% of what Bridgy currently uses, or an enterprise plan with unknown quota that reportedly starts at $42k/mo.

It isn’t clear whether the new tiers also apply to the SSO API (it seems that posting to Twitter is still available in the free tier which implies that SSO will still function). But needless to say (but I’ll say it anyway), if this breaks SSO, I am not going to pay money to fix it on my sites.

I’d highly recommend to folks who are still using Twitter to log in to this site or to Novembeat to find an alternate identity provider, such as a Mastodon instance or running an IndieAuth provider on your own heckin' website.

(Someday I’ll get around to adding OpenID to Authl so people can also use things like Livejournal, Dreamwidth, or Ubuntu Launchpad to sign in, but I’ve been lazy.)

EDIT: Looks like SSO is remaining free, per the announcement. Still, y'all should move away from Twitter just on general principle.

Upcoming talent show!


Hey friends, I forget if I’ve mentioned it here but on Friday my choir is having a talent show and a silent auction! If you’re in Seattle it’d be great if you could attend in person, and we’ll also be streaming the show on YouTube and you can get a ticket for access to that stream as well. And the silent auction has a lot of amazing goods and services available and will be run online.

Please consider getting a ticket to the show (or making a donation to the choir) and registering for the silent auction.

Panic attacks


I used to get bad panic attacks while driving, and the trigger and underlying cause was pretty obvious. But they faded over time and I felt that I was panic-free for a few years.

Until fucking TWO WEEKS AGO when I had a small one while carpooling to choir practice, and then a big fucking one the next week when driving to the doctor’s office for routine lab work! And now I don’t feel safe driving at all! And I have to do a lot of driving this week! WHAT AMAZING TIMING!

Does anyone have any good quick fixes for driving panic? I honestly do not know if I did anything to help it go away or if it just faded on its own. I suspect the actual common thread behind them is Fear Of Mortality and I’ve had plenty of things driving that fear lately, and like, okay it’s great that my brain is in full-on self-preservation mode but maybe causing me to nearly pass out and lose control of a two thousand pound machine wrapped around a 50kWh lithium battery isn’t the best way to go about that?

I mean okay, fair, you’re preventing me from entering the machine in the first place, so, good job

Super burnout


So, yesterday I had a major panic attack while driving, for the first time in several years, and the worst one I’d had in over a decade. So, that was fun.

Right now I’m in this weird split mindset, where on the one hand I feel like I need a day job to be motivated, but on the other hand, every time I find out about a job that I’d be qualified for, I have no interest whatsoever in doing it, like at all.

Read more…

Full-text search on beesbuzz.biz


I finally got around to enabling search, as an experimental feature. Publ’s full-text search functionality is kinda janky right now and I really want to rework it. But people were asking, so here you go.

Also god damn my templates are getting hard to maintain.

There’s also so much stuff I really want to rewite in Publ, while I’m feeling grumpy.

EDIT: Oh right, also what started me down this path was also fixing Authl’s login flow for email links on email providers which generate link previews, e.g. Outlook and Hotmail. So I mean folks who were getting “invalid token” errors while signing in by email should have a better time now.