Full-text search on beesbuzz.biz

Comments

I finally got around to enabling search, as an experimental feature. Publ’s full-text search functionality is kinda janky right now and I really want to rework it. But people were asking, so here you go.

Also god damn my templates are getting hard to maintain.

There’s also so much stuff I really want to rewite in Publ, while I’m feeling grumpy.

EDIT: Oh right, also what started me down this path was also fixing Authl’s login flow for email links on email providers which generate link previews, e.g. Outlook and Hotmail. So I mean folks who were getting “invalid token” errors while signing in by email should have a better time now.

Current goings-on

Comments

Still on disability leave, and still in considerable pain. I’m trying not to work too hard on things, but it’s hard not to do things.

For example, I worked on a song with my friends Ken and Huan-Hua for this week’s Song Fight!; we entered the “We Did Everything We Could” fight under the band name Richard Donner Party. It was a fun song to make. Fortunately I didn’t have to even so much as look at a guitar. Most of my work was vocals, light keyboard work, and editing.

Read more…

Private, friends-only, IndieWeb stuff

Comments

Yesterday I participated in the IndieWeb sensitive data pop-up, or at least the first half of it (I had to disappear for my refrigerator delivery). It was really great to have some further discussion about what people want out of this stuff and how we’re all going to agree to get it.

Authentication stuff

One of the biggest pain points that keeps on coming up is there being no support for people to be able to get private posts without having to log in or be notified about them in side channels. Lots of people are doing things like making pages with unguessable URLs and then doing side-channel notification, but that’s unwieldy; fewer folks are doing things with actual login mechanisms.

Read more…

Regular check-in

Comments

I’m personally physically all right, at least for now. The house guest also made it here safely, right before things got really weird.

I gotta say, getting an urgent group text informing my building of an incoming teargas cloud and “Close your windows” is not a thing I thought I’d ever experience first-hand.

Read more…

Stuff and things

Comments

So, some updates of the things that have been going on in my life since the last update, because I’m waiting for my car to get some overdue scheduled maintenance and I forgot to bring my Switch, so why not.

Read more…

New store page

Comments

I finally got around to making a better store page. It’s still not great but it’s better than just linking to either my Threadless or Storenvy or whatever, and I’ll be able to backfill a bunch more of my items into it eventually.

There’s a lot of stuff I’d like to change of course, but this at least gives me a hook to setting up my own PayPal/Stripe/etc. cart as well.

Anyway I’m glad that Publ is in a state where it’s gotten easier and easier for me to make new sites from scratch with it. And I also released a new version of Publ with some shiny new features.

New job!

Comments

I have accepted a job at maven.io as a full-stack engineer. I’ll be working on web publishing stuff as an actual source of income now!

I am very optimistic about this. Everyone at the interview was super-awesome and friendly, and their ethics seem pretty much aligned with mine. I hope to be part of making curated published content on the web better for everyone! (Readers and publishers alike.)

Read more…

I’m warming up to ActivityPub

Comments

While Publ is still going to be an IndieWeb-first platform (simply because it’s so much easier to integrate – having modular Lego bricks and a pick-and-choose functionality set that is as simple as adding it to one’s HTML templates is a very compelling approach), I’ve had some good discussions regarding ActivityPub lately and it’s starting to seem a bit more possible to add that as an add-on for Publ.

Read more…

Re: Why Publ won’t support magic auth links

Comments

In response to a Publ blog post, Kicks Condor writes:

One question, though—could the Atom feed list rel alternate versions of the feed? (That would have type application/atom+xml?) It also seems like rel self could have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!

The problem is that it’s up to the sharing news reader to know which URL to use for the sharing, and there’s no way to control what URL the reader happens to use. I know that Feed On Feeds will use the URL for the actual subscription (since that’s the only source URL it tracks in the first place), and who knows what other readers with sharing features will do!

And changing the rel="self" URL has a different problem – some readers (again, such as Feed On Feeds) treat that as the canonical URL and will update their subscriptions to point to that URL instead, so setting rel="self" to the unauthenticated feed means most users will be unable to remain logged in.

Basically, it’s a tricky issue that has no right answer with the Atom spec as it currently exists. So if some other mechanism has to be designed, it might as well be done in a safe, unambiguous way from the beginning. If some other use case for magic auth links comes up I’ll reconsider implementing them, but at least for friends-only subscription access, the privacy risks are simply not worth it.