Marty McGuire

Recent Posts

Thu Aug 11

Are you hanging loose during eternal Caturday?

Wed Aug 10

Are you showing off your object work during eternal Caturday?

Tue Aug 9
📗 Want to read Light from Uncommon Stars by Ryka Aoki ISBN: 9781250789068

Are you following suggestions during eternal Caturday?

Mon Aug 8

Are you compelled to make bonus content during eternal Caturday?

Sun Aug 7

🗓️ Advanced Improv 2 Class Show

Magnet Theater 254 West 29th St (btwn 7th and 8th Ave.) New York NY 10001

Come see the graduates of Advanced Improv 2 - two teams tentatively named SPIT and Side Bar - perform for YOU! Everything made up on the spot! Nothing you will see has been performed before and it never will again!

Starting with an input from the audience each team will bring to life a series of new characters and ideas that will evolve as we revisit them throughout the show!

This is the first of six shows! Can you collect all 6?

Tickets are $5. See you at the Magnet Theater on Sunday August 7th at 7:30pm US/Eastern

Are you engaging with the latest content during eternal Caturday?

Sat Aug 6
Map tiles by Stamen Design, under CC BY 3.0. Data by OpenStreetMap, under ODbL.
📍 Checked in at Patacon Pisao, New York, NY.

Happy little arepas

📍 Checked in at Wonderville, Brooklyn, NY.

Finally visiting this place!

Are you peeking behind the curtain during eternal Caturday?

Fri Aug 5

Are you getting good reception during eternal Caturday?

Thu Aug 4
🔖 Bookmarked AI-Generated Images from AI-Generated Alt Text — Adrian Roselli https://adrianroselli.com/2022/08/ai-generated-images-from-ai-generated-alt-text.html

Some good points in here about alt texts and the experiences they can provide when done well, when done badly, and when done by machines (badly).

Has everything shipped as expected during eternal Caturday?

Wed Aug 3
📍 Checked in at The Sampler BK, Brooklyn, NY.
📍 Checked in at The Brooklyn Mirage 2.0, Brooklyn, NY.

Let’s see a music show

Are you feeling dainty during eternal Caturday?

Tue Aug 2
📍 Checked in at Cooper's Craft and Kitchen, New York, NY.

Are you, uh, comfortable where you are during eternal Caturday?

Mon Aug 1

Are you comfortable any old place during eternal Caturday?

Sun Jul 31

Switching costs for an IndieAuth server

One of the things I love about building with IndieWeb building blocks is that (sometimes through more work than anticipated) you can swap out pieces of your site without (much) disruption because the seams between building blocks are well specified.

So, this is me documenting how I replaced my IndieAuth setup to stop leaning on Aaron’s IndieAuth.com (which has been on the verge of retiring any day now for some years).

Please excuse this long and rambling post. Feel free to skip around!

What is IndieAuth?

At a high level, IndieAuth is a way to sign in using your website as an identity.

Without digging too deeply into the plumbing, you start by updating your website’s homepage with some extra header info that says “my IndieAuth service is over there”. From there, you can sign into services that support IndieAuth (like the IndieWeb wiki, the social feed reader service Aperture, and more). And you can use your IndieAuth server to protect your own services, such as a Micropub server that can create new posts on your site.

Why switch?

I’ve been using indieauth.com as my IndieAuth setup since late 2016 because it was easy to set up, because it uses something called RelMeAuth to let me sign in using services I already trust (like GitHub).

However, indieauth.com has been growing stale as the IndieAuth spec has evolved. indieauth.com’s maintainer has been discussing replacing it since at least 2017.

The inciting incident for my switch was looking at OwnCast - a self-hostable video streaming service with attached chatroom. OwnCast’s chat allows using IndieAuth to sign in, which sounded great to me, but OwnCast’s implementation wasn’t expecting indieauth.com’s old-style response format.

Why set up my own?

There are a bunch of IndieAuth server implementations listed on the IndieWeb wiki. However: the simplest of them (selfauth + mintoken) are now out of date with the spec and haven’t been replaced, yet. Others tend to be built into other CMSes like WordPress. A couple of standalone servers exist but are in languages I am not comfortable working in (hello Rust and Go) or have deployment requirements I wasn’t thrilled about supporting (hello Rails).

I found Taproot/IndieAuth on this page and that looked promising - a PHP library intended to be deployed within a fairly standard PHP web app style (“any PSR-7 compatible app”).

I knew this would be some work but it sounded promising and so I began the week-ish long process of actually writing and deploying that “PSR-7 compatible app” built on taproot/indieauth.

tl;dr say hello to Belding

Belding is a “PSR-7 compatible” PHP web app that provides a standalone IndieAuth endpoint for a single user with a simple password form for authentication.

I would love to go into the process and pitfalls of putting it together, but instead I’ll link to the README where you can learn more about how it works, how to use it, its limitations, etc.

Switching costs for an IndieAuth server

1. Tell the World

First up, you’ll need to update the headers on your site. I switched my authorization_endpoint and token_endpoint to my new server from indieauth.com. Since I’m updating to support the latest spec, I also added the indieauth-metadata header (which should eventually replace the other two).

Now that your site is advertising the new IndieAuth server, you will likely experience logouts or weird access denied responses everywhere that your site has been used with IndieAuth.
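A quick way to confirm what a homepage is advertising after this step, as an added example (not code from the post, Belding or taproot/indieauth): it reads the three rel values named above from `<link>` elements and flags any that still point at the retired provider. The sample page, its URLs and the function names are constructed for illustration, and it assumes the rels are published in the HTML head rather than in HTTP `Link` headers.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

RELS = ("indieauth-metadata", "authorization_endpoint", "token_endpoint")


class _LinkRels(HTMLParser):
    """Collect the first href for each IndieAuth rel found on <link> tags."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        href = attr.get("href")
        if href is None:
            return
        # rel is a space-separated token list; first occurrence wins.
        for rel in (attr.get("rel") or "").lower().split():
            if rel in RELS:
                self.found.setdefault(rel, urljoin(self.base_url, href))


def advertised_endpoints(page_url, html):
    """Map each advertised IndieAuth rel to its absolute URL."""
    parser = _LinkRels(page_url)
    parser.feed(html)
    return parser.found


def stale_endpoints(found, retired_host):
    """Rels whose URL is still on the retired host or one of its subdomains."""
    def on_retired(url):
        host = (urlsplit(url).hostname or "").lower()
        return host == retired_host or host.endswith("." + retired_host)
    return sorted(rel for rel, url in found.items() if on_retired(url))


# Constructed sample: a homepage where one rel was missed during the switch.
SAMPLE_URL = "https://example.com/"
SAMPLE_HTML = """<html><head>
<link rel="indieauth-metadata" href="/auth/metadata">
<link rel="authorization_endpoint" href="https://example.com/auth/authorize">
<link rel="token_endpoint" href="https://tokens.indieauth.com/token">
</head><body></body></html>"""

if __name__ == "__main__":
    found = advertised_endpoints(SAMPLE_URL, SAMPLE_HTML)
    print(found)
    print("still on old provider:", stale_endpoints(found, "indieauth.com"))
```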

2. Tell your own services

I needed to configure my own “relying apps” so they know to talk to the new server when checking that a request is allowed. This list thankfully wasn’t too long.

Beyond the effort of getting my server working as an indieauth.com replacement, I also took steps to try and support the latest in the IndieAuth spec. That meant updating these micropub servers to use the new “token introspection” feature which has some tighter security requirements.

(Note: I initially made the same change for my self-hosted copy of Aperture, but found it would be too many changes for me to take on at the moment. Instead, I updated my IndieAuth server to allow the older and less secure token verification method used by Aperture.)
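What a relying app has to check once it gets a token introspection reply back, as an added example (not the author's Micropub code and not part of Belding): the field names `active`, `me`, `scope` and `exp` are the ones the IndieAuth spec defines for the introspection response, while the function name, the sample responses and the site URL are constructed for illustration. The check fails closed on anything missing or malformed.

```python
import time
from urllib.parse import urlsplit


def _canonical(url):
    """Compare profile URLs by scheme, host and path ('' and '/' are equal)."""
    if not isinstance(url, str):
        return None
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path or "/")


def check_introspection(resp, expected_me, required_scope, now=None):
    """Return (allowed, reason) for a decoded introspection response."""
    now = time.time() if now is None else now
    # Only a literal JSON true counts; a missing field or "true" string does not.
    if resp.get("active") is not True:
        return False, "token inactive"
    if _canonical(resp.get("me")) != _canonical(expected_me):
        return False, "token issued for a different site"
    exp = resp.get("exp")
    if exp is not None:
        if not isinstance(exp, (int, float)) or now >= exp:
            return False, "token expired"
    scope = resp.get("scope")
    if not isinstance(scope, str) or required_scope not in scope.split():
        return False, "missing scope"
    return True, "ok"


# Constructed sample responses for a site at https://example.com/
NOW = 1_700_000_000
GOOD = {"active": True, "me": "https://example.com/",
        "client_id": "https://client.example/", "scope": "create update",
        "exp": NOW + 3600}
REVOKED = {"active": False}
OTHER_SITE = dict(GOOD, me="https://attacker.example/")
EXPIRED = dict(GOOD, exp=NOW - 1)
READ_ONLY = dict(GOOD, scope="read")

if __name__ == "__main__":
    for name, resp in [("good", GOOD), ("revoked", REVOKED),
                       ("other site", OTHER_SITE), ("expired", EXPIRED),
                       ("read only", READ_ONLY)]:
        print(name, check_introspection(resp, "https://example.com", "create", NOW))
```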

3. Sign-in to all the things again \o|

Once all my relying apps were all talking to the new IndieAuth server, it was time to re-sign-in to all the things:

Takeaways

There are a lot of improvements I’d like to make to Belding, but in general I am happy that it seems to work and, outside of the time to develop the server itself, my website and the tools I use to manage it were only broken for about a day.

I think it’d also be really nice to wrap up Belding a bit so it’s easy to configure and deploy on free-and-cheap platforms like fly.io. I believe it should be easier for folks to spin up and control their own IndieWeb building blocks where possible!

It’s also become clear to me that there are some user- and developer-experience holes around setting up relying apps. The auth requirements for token introspection, for example, mean you need a way to manage access for each “backend” that you have that relies on IndieAuth to protect itself!

Long story short (too late) I am finally able to sign into OwnCast server chat using my domain. 😂😅

Are you getting your reps in during eternal Caturday?

Sat Jul 30

Are you putting in the effort during eternal Caturday?

Fri Jul 29

Are you excited to be here during eternal Caturday?

Thu Jul 28

Are you letting go of tension during eternal Caturday?

Wed Jul 27

Are you social loafing during eternal Caturday?

Tue Jul 26
📗 Want to read Chokepoint Capitalism: How Big Tech and Big Content Captured Creative Labor Markets and How We'll Win Them Back by Rebecca Giblin ISBN: 9780807007068
📗 Want to read A Half-Built Garden by Ruthanna Emrys

Are you watching with anticipation during eternal Caturday?

Mon Jul 25
📗 Want to read Lord of Light by Roger Zelazny ISBN: 9780060567231
🔖 Bookmarked HOPE 2022 Resources http://rollti.me/hope2022/