Anxiety, yesterday and tomorrow fluffy rambles


Last night I had to drive to choir practice myself, and I had a panic attack on the way. I managed to push through it and felt fine when I got there. So of course I had another panic attack on the way home, because my brain decided that no, proof of being able to drive safely is NOT enough anymore to sustain a lack of anxiety when driving.

Tomorrow I am going in for an angiogram and potential angioplasty (depending on what it turns up). The procedure itself is pretty straightforward and primarily preventative; non-invasive imaging was inconclusive as to how much arterial blockage I have (if any), and I seem to have an arterial abnormality that makes imaging difficult. So it is out of an abundance of caution that I am getting the angiogram, and if any blockage is found it will be mitigated, and perhaps a stent will be installed as well (although my dad also has an arterial abnormality which made a stent installation impossible for him when he went through a similar thing, in a much more emergent situation).


My least favorite question in all of tech recruiting fluffy rambles


“Are you frontend, backend, or full-stack?”

I really hate this question, for so many reasons.

First of all, it presupposes that there’s only two sorts of things that are done in software anymore: either you’re making websites (frontend) or services called by them (backend), or you’re someone who does both, but still using the frontend/backend dichotomy.

There are so many other kinds of software out there. Not all the world is Building Websites. Just off the top of my head there’s the extremely broad categories of graphics, platform, audio, gameplay, automation, embedded, infrastructure, distributed systems, and so much more.

Even in today’s dystopian push towards blockchain and machine learning, what kind of engineer works on the underlying systems there? It’s neither backend nor frontend.


💬 (no title) Notes


Yes, Publ supports TicketAuth for authenticated feed subscriptions. At least in theory. It passes manual testing and I think a couple of folks have implemented test consumers that have been verified to work with it, but I don’t know of anyone who actively follows my blog with a TicketAuth-enabled feed reader.

My feeling with how Microsub would interact with TicketAuth is that the ticket endpoint would be responsible for relaying the bearer token along to the Microsub implementation, perhaps via some sort of credential store, or maybe that the token store would be expressed by the Microsub endpoint. I haven’t super thought it through, mostly because there’s a couple of reasons I’m not a fan of Microsub and if I ever get around to implementing the reader I want to implement I was planning on it just being a fully self-contained application that you happen to sign into using IndieAuth (it could support Microsub as a data store for other reader clients but it’d be intended to be used as its own client as the primary interaction model).

Or I guess another way of looking at it is that the reader I want to build would be a reader UI, Microsub endpoint, and TicketAuth endpoint all in one single integrated implementation, just because it feels easier in terms of how I want stuff to work.

The big security concern with TicketAuth (or any authenticated feed mechanism other than private/individual feed URLs, which has its own set of problems to contend with) is that as soon as anyone has any credentials for a feed that multiple people are subscribed to, you need to make damned sure that you’re retrieving/parsing/storing the feed separately for each credential. It’s for that reason that I haven’t just hacked TicketAuth into Feed-On-Feeds, because its fundamental design would make this rather inconvenient.

Goodbye, Twitter third-party login fluffy rambles


So, a little while ago I did an extremely unscientific poll on login methods via Authl on this website. The results of that (measured by folks who accessed my site for any authenticated reason, not just folks visiting the login method poll):

  • 8 signed in via Fediverse (Mastodon/Pleroma/etc.)
  • 4 signed in via IndieAuth
  • 7 signed in via email

Not a single one signed in via Twitter.


💬 Re: Private Comments, or Why I’m Down On Webmentions Notes


This article raises some good points, but there’s another reason I’m not all-in on Webmention: comments on private posts.

Post privacy is incredibly important to me, and supporting webmention on a privacy-post context requires that the comment (and notification thereof) be visible to the receiver’s endpoint, without it being visible to the world at large. This is okay with “unguessable” private URLs, but if you are doing a login-required thing you start running into issues where you have to either let endpoints through to see the data (which means that any bad actor could also do the same), or you need the endpoints to support the authentication protocols (via e.g. AutoAuth or TicketAuth), and given how difficult those have been to get any meaningful adoption, I’m not terribly optimistic about that changing any time soon, especially with how many people farm their webmentions out to which isn’t really in the business of managing things like authentication tokens.

But also, if you live in a world of webmentions for replies, that also greatly increases the chances that someone’s reply will be accidentally posted in public. I already see enough issues where friends will reply to my unauthenticated “stub” entries on Mastodon, rather than posting native comments onto my blog.

The more I get annoyed with Internet comment mechanisms, the more I think that email really is the way.

🔄 Reading blogs - anywhere but Feedly Notes


I removed Feedly from my Get Blogging resource for people who want to read and write blogs.

If you’d like to read blogs, there are some great other feed readers recommended in the list. I start every morning with Reeder and NewsBlur.

Molly White has written a great summary of why I can’t endorse Feedly anymore:

In a world of widespread, suspicionless surveillance of protests by law enforcement and other government entities, and of massive corporate union-busting and suppression of worker organizing, Feedly decided they should build a tool for the corporations, cops, and unionbusters.

I cannot support union-busting in any form, and it’s very disappointing to see a tool like Feedly attempt to capitalize on corporations who would like to engage in this activity. So it’s gone from the list, and I’d like to suggest: while they offer this product and cater to this market, please don’t use Feedly.

Personally I’m still a fan of self-hosting Feed on Feeds, which is pretty straightforward to do if you have even basic PHP webhosting. It isn’t the fanciest thing but it’s reliable and won’t sell your data to others, and it’s got the exact UX I want in a reader app (YMMV of course).

So long, Twitter API, and thanks for all the fish fluffy rambles


Ryan writes:

Right now, Bridgy uses a free tier of Twitter’s API, equivalent to what many other major social networks offer. By April 29th, this free tier will disappear. If I want to read tweets, my options will be a $100/mo plan with a quota of 10k tweets/mo, roughly .1% of what Bridgy currently uses, or an enterprise plan with unknown quota that reportedly starts at $42k/mo.

It isn’t clear whether the new tiers also apply to the SSO API (it seems that posting to Twitter is still available in the free tier which implies that SSO will still function). But needless to say (but I’ll say it anyway), if this breaks SSO, I am not going to pay money to fix it on my sites.

I’d highly recommend to folks who are still using Twitter to log in to this site or to Novembeat to find an alternate identity provider, such as a Mastodon instance or running an IndieAuth provider on your own heckin' website.

(Someday I’ll get around to adding OpenID to Authl so people can also use things like Livejournal, Dreamwidth, or Ubuntu Launchpad to sign in, but I’ve been lazy.)

EDIT: Looks like SSO is remaining free, per the announcement. Still, y'all should move away from Twitter just on general principle.