Posted Wednesday, October 30 at 7:11 PM (2 weeks ago)
So, both Publ and Authl had a pretty naïve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.
Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.
Posted Friday, October 25 at 5:36 PM (2 weeks ago)
Since adding user authentication to Publ, I’ve been thinking of ways of allowing people to subscribe to sites from feed readers while getting their own native authorization, so that people can see entries directly in their readers rather than needing the clumsy mechanisms of unauthorized placeholder entries.
Out of the box, Publ authentication does support a shared cookie jar; if you can provide your cookies to your feed reader in some way, then things will Just Work. Unfortunately, I don’t know of any feed readers that actually support this, at least not easily. (Back when most browsers had a feed reader built-in this was a lot simpler. But time marches on.)
The two mechanisms which seemed most promising are AutoAuth and “magic links,” where users get signed URLs that come pre-authenticated and show the full authorized content for that user. AutoAuth is still in a draft phase that’s stuck in a chicken-and-egg situation (and also requires a lot of buy-in to IndieWeb protocols, which is still a pill too large to swallow for most of the folks who follow my blog), so magic feed links seemed like the best path forward.
I even got so far as to draft out an implementation, but there’s a few bad issues with it which just made me opt not to.
Posted Monday, August 12 at 1:41 AM (3 months ago)
I’ve released Authl v0.1.7, which now adds direct support for IndieAuth (rather than requiring IndieLogin.com as a broker). This means that now folks who have an IndieAuth identity can log in using that; previously I was expecting IndieLogin.com to eventually open up client registrations to make that a useful authentication path, but for various reasons Aaron hasn’t opened it up to the general public.
Part of this update was to also refactor how OAuth is handled, so it’ll be a lot easier for me to add more OAuth-based providers in the future; hopefully I’ll have direct support for Twitter, GitHub, and maybe even Facebook in the near-ish future. But for now, between Mastodon, email, and IndieAuth, I think I have all of my own personal needs taken care of.
Feel free to make suggestions for other identity providers in the Authl issue tracker, though!
Posted Sunday, April 28 at 2:39 AM (7 months ago)
It’s been a while since I’ve worked on IndieWeb stuff, but I finally got around to releasing an extremely preliminary version of reblob, a little commandline thingus to make this stuff easier. Eventually I’ll also have a server-based version here, at least as an example.
Posted Friday, March 15 at 5:29 PM (8 months ago)
While trying to figure out some weird access patterns on the day-job site I had the realization Pushl wasn’t actually specifying a user-agent, so it was just coming through as the generic
aiohttp one, which isn’t very friendly.
Now it sends a reasonable user-agent by default, and this can be overridden by the
--user-agent flag if you want to for your own analytics or whatever.
Oh, and I had quietly released 0.2.3 a few days ago; there were just some minor internal changes to logging and also declaring Pushl as beta, rather than alpha, software.
Posted Sunday, March 10 at 6:25 PM (8 months ago)
I’ve done a bunch more work on Pushl to try to get it more stable. In particular, I’ve made it so that it will only recurse into feeds that are on domains that were declared in the initial requests, and I seem to have cleared up some cases which were causing it to hang and also added a global timeout which will, hopefully, prevent it from hanging indefinitely.
I do wish I could figure out what is causing the hangs when they do happen though. Oh well. Some discussion of the issue below the cut.
Posted Thursday, March 7 at 10:27 PM (8 months ago)
I’ve been working on getting Pushl much more stable and reliable, particularly around a persistent “too many open files” error I was having, which turned out to be primarily due to a fd leak in the caching routines. Oops.
Anyway, there’s also seemingly a problem with how
aiohttp manages its connection pool, at least on macOS, so I’ve disabled connection keep-alive by default. However, if you still want to use keep-alive, there’s now a
--keepalive option to allow you to do that. I’m finding that it doesn’t really improve performance all that much anyway.
This is feeling beta-ready but I’ll give it a few days for other issues to shake out first.
Posted Thursday, March 7 at 12:05 AM (8 months ago)
So, I just released v0.2.0 of Pushl. It was a pretty big change, in that I pretty much rewrote all the networking stuff, and fixed some pretty ridiculous bugs with the caching implementation as well.
The main thing is now it’s using async I/O instead of thread-per-connection, so it’s way more efficient and also times out correctly.
And oh gosh, I had so many tiny but critical errors in the way caching was implemented – no wonder it kept on acting as if there was no cached state. Yeesh.
Anyway, I’ll let this run on my site for a few days and if I like what I see I’ll upgrade it to beta status on PyPI.
Posted Wednesday, February 20 at 3:42 PM (9 months ago)
For those folks who want to import their content from Movable Type over to Publ, I’ve finally gotten around to writing an importer. Currently it only attempts to convert entry content and category metadata, and only using SQLite-formatted database dumps.
README.md for the (incredibly rough) usage instructions.
Eventually I want to try to automatically convert templates from MT’s scripting language to Jinja-Publ templates, although there’s a bunch of stuff that’s going to be difficult to port across and a lot of stuff is just plain not feasible to even try, so don’t expect that to become a major thing any time soon.
Posted Monday, January 14 at 9:28 PM (10 months ago)
I ended up doing some more work on Pushl and have now released v0.1.7. The major changes:
- Did a bunch of refactoring to make the code a little cleaner and handle configuration more appropriately
- Added a configurable timeout for connections (which now defaults to 15)
- Added a
--version option on the command line arguments
Also, some suggested usage ideas below the cut!
Posted Sunday, January 13 at 8:48 PM (10 months ago)
It’s been a while since I’ve updated Pushl but today I released v0.1.6. It includes the following fixes:
- Now it supports Pingback as well as Webmention
- Improved the threading defaults and connection pooling
- Also checks entries for updates even if the feed didn’t change (in case something changed in the more text or page metadata or whatever)
Anyway, it should just be a
pip install --upgrade pushl (or
pipenv update) away.
Posted Saturday, December 22 at 1:35 AM (11 months ago)
While I’m fixing random stuff in Publ, I figured I’d finally fix some problems with Pushl too. Nothing major here, just:
- Stability: Fixed a bug where feeds that don’t declare links caused the worker to die before entries got processed
- Performance: Now we use a global connection pool (so connections can be reused)
- Fixed a minor correctness issue with archive feeds (which actually doesn’t make any difference in the real world but whatever)
Posted Thursday, December 20 at 11:14 PM (11 months ago)
Are you using webmention.io as your webmention endpoint? Want to get your incoming webmentions displayed on your website?
Well you’re in luck, I wrote a simple-ish script for that. (You’ll probably also want to see the accompanying stylesheet too.) And it doesn’t even require that you use Publ – it should work with any CMS, static or dynamic. The only requirement is that you use either webmention.io or something that has a similar enough retrieval API.
I wrote more about it on my blog, where you can also see it in use. For now, I’m just going to use the sample site repository to manage it (and issues against it).
It’s MIT-licensed, so feel free to use it wherever and however you want and to modify it for your needs. I might improve it down the road but for now it’s mostly just a quick itch-scratching hack that does things the way I want it to.
Posted Wednesday, November 28 at 1:18 AM (a year ago)
I just released Pushl v0.1.3, which adds some minor performance optimizations and a bug fix.
Originally I was hoping to have a major performance optimization, in the form of having rewritten Pushl from thread-per-connection to async operation, but unfortunately I ran into a bunch of problems with it. Mostly that I was running into a “too many open files” error and I couldn’t figure out what was causing a descriptor leak. I have the work-in-progress branch online if anyone wants to take a look at it.
Anyway, the reason I went down this route is because I added WebSub subscriber support to my fork of Feed-On-Feeds, which makes it so that WebSub-enabled RSS and Atom feeds will push their updates to your reader instead of having to wait for a polling interval.
You can read more about some of my other thoughts on a blog entry that quickly devolves into a rant, if you’re so inclined.
Posted Wednesday, October 10 at 10:41 PM (a year ago)
I’ve gotten Pushl to the point that I’m confident in releasing it as a full alpha and having a cron job run it every 15 minutes. Whew.
I’ve also added some
h-entry markup to the Publ site templates so that hopefully the notifications appear at least somewhat reasonably elsewhere.
I really need to redo these site templates now that I have a better idea of how they go together. Also the quickstart guide could be a lot better.
Posted Monday, October 8 at 11:53 PM (a year ago)
I finally got around to releasing a very rough prototype of Pushl to pypi. It only sends out WebSub notifications for now (does anyone even use those?), but I’ll work on actually implementing WebMention soon.
Also, recently someone pointed out to me fed.brid.gy which makes it easy to turn a static site into an ActivityPub source. At some point I’ll experiment with setting up Publ for this; it looks like it’s just a matter of adding a couple of additional route rules to Publ, so that will probably go into an advanced configuration guide if I ever get around to making such a thing. (Or it could actually be added to Publ directly but there isn’t much of a reason for that, IMO.)
Posted Saturday, September 29 at 9:00 PM (a year ago)
So, for the last couple of days I’ve been playing with some of the IndieWeb concepts, in particular Webmention. Spurred on by a helpful thread with Kevin Marks, I took some time to actually do a rough implementation of outgoing Webmentions, and also did some of the work to set up the
h-entry microformats on my main site.
As far as I can tell, it works great, but I’m also not going to actually merge this to master or push it to production. Read on to see why!