Current goings-on
Oh I guess I haven’t blogged in a while. Like, a whole week. This can’t stand.
So, what am I up to?
Rambles that are fluffy, by fluffy
Oh I guess I haven’t blogged in a while. Like, a whole week. This can’t stand.
So, what am I up to?
In reply to: Re: Magic auth catch-22
Ahh—ok. Makes sense. I’m not doing this in my reader—I don’t want to risk rel=“self” being wrong. Is there a compelling reason to do this? I mean if I’m able to fetch the feed, why risk it?
Because sometimes sites migrate to new platforms or new domains and RSS feeds change location, and this helps to avoid linkrot or unpleasant surprises with realizing that you’ve missed a few years of updates because the feed quietly went missing.
Incidentally, I have implemented AutoAuth on this site. Gonna make a more formal announcement shortly.
In response to a Publ blog post, Kicks Condor writes:
One question, though—could the Atom feed list
rel alternate
versions of the feed? (That would have typeapplication/atom+xml
?) It also seems likerel self
could have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!
The problem is that it’s up to the sharing news reader to know which URL to use for the sharing, and there’s no way to control what URL the reader happens to use. I know that Feed On Feeds will use the URL for the actual subscription (since that’s the only source URL it tracks in the first place), and who knows what other readers with sharing features will do!
And changing the rel="self"
URL has a different problem – some readers (again, such as Feed On Feeds) treat that as the canonical URL and will update their subscriptions to point to that URL instead, so setting rel="self"
to the unauthenticated feed means most users will be unable to remain logged in.
Basically, it’s a tricky issue that has no right answer with the Atom spec as it currently exists. So if some other mechanism has to be designed, it might as well be done in a safe, unambiguous way from the beginning. If some other use case for magic auth links comes up I’ll reconsider implementing them, but at least for friends-only subscription access, the privacy risks are simply not worth it.
Hey everyone! I just thought I’d give folks a preview of the items I’ll be selling at GeekGirlCon.
Why didn’t anyone tell me that the previous blog post was posted as a very-broken comics post
Today was a travel day to Portland, for Retro Game Expo. So of course just as the train was ready to take off was when my HMO decided to call me to do the ADHD diagnostic intake. I asked if I could just call back later when I wasn’t likely to lose coverage in 3 minutes, and eventually I got the phone number to call.
So, when I got to Portland I called the number, where they immediately put me on hold for 30 minutes. After which they asked me what I was calling about, and when I said I was calling about getting my ADHD screening, they put me on hold for another 15 minutes. Not a great start.
So, this post about signs of undiagnosed ADHD showed up on one of my fibro communities and so much of it seemed PRETTY FAMILIAR, and I also found out that fibromyalgia and ADHD are highly comorbid, and then I was realizing that I stopped being able to focus on work and Getting Stuff Done when I had to go cold turkey on caffeine when my panic disorder started in 2011, and, wellp.
In reply to: Random reply
FYI this is a webmention sent as mastodon reply :)