@superfeedr thanks for the heads-up, it was a caching issue in #taproot — now squashed with your mention happily on my page! I need to make taproot show names of blog posts instead of/in addition to the first bit of text.
@superfeedr thanks for the heads-up, it was a caching issue in #taproot — now squashed with your mention happily on my page! I need to make taproot show names of blog posts instead of/in addition to the first bit of text.
Fixed a simple security hole in #taproot, uncovered unintentionally by an attack mounted ≈5hrs ago — intent appeared to be to create new user accounts, unintended result was the creation of a new, empty article.
Hundreds of requests were made against URLs similar to these:
/articles/do.php
/articles/modules.php?app=user_reg
/articles/index.php?app=home&mod=public&act=register
/action/sign_up
/articles/sign_up.html
/articles/?page=login&cmd=register
/articles/tiki-register.php
/articles/index.php?page=register&action=register
/index.php?page=item&action=item_add
/articles/index.php?user/create_form/
/articles/join.php
/articles/index.php?dll=register
/articles/index.php?option=com_community&view=register
/articles/register.php
/articles/signup.php
Presumably these URLs are compromised on other systems — needless to say they are far too ugly to exist in #taproot! I’m unsure exactly why /articles
was used as the base URL for the attack in all cases apart from two.
As these URLs don’t exist, and will never exist, it should be safe enough to add server- or application-level filters immediately closing any requests which include them.
Just implemented notifications in #taproot! I get a native, first-class notification when I’m mentioned. Really easy to do with the notification API: developer.mozilla.org/en-US/docs/Web/API/notification
Update: demo video!
Not shown: clicking on the notification navigates to the source of the mention.
Latest #PHP library extracted from #taproot: github.com/taproot/archive your personal opinionated, #indieweb HTML archiver.
Been in use for just over a month now on waterpigs.co.uk, archived 120MB of HTML I’ve linked to/has linked to me.
#taproot now sports a composite homepage feed, meaning it’s not just notes which show up on the homepage, but also articles and music!
Next up: breaking out various post types which I’ve been overloading notes to create, e.g. checkins, audio, photo, into their own things, remove the ability to create “named notes” (that was a stupid, yet well styled, idea) and figure out what to do with all the old notes which should actually be in other categories. Auto-detecting which templates to use for them should be easy enough, but I doubt I’ll be able to move them all into their new homes.
All that old content will have to stay as notes for the purpose of URLs and querying, but in at least some cases can be styled better. Overall I’m comfortable with this, as it leaves history (and, more importantly, URLs) untouched without compromising the reading experience too much.
Reflecting on 2013 with my #family. Biggest things personally have been making my second #gurdy, moving to Iceland and meeting+working with all the great people over here. Lots of #indieweb and #taproot progress, including a great indiewebcamp in September.
Looking forward to 2014: more cooking, more indieweb progress, seeing more of Iceland, going to some gurdy festivals, improving hardware hacking abilities, connecting my gurdy and other devices to the web and each other.
The other detail added to #taproot: #indieweb phoning via SIP and a “Call Me” button. On desktop devices you’ll see it on my homepage in the Elsewhere section. Clicking it on a WebRTC-enabled browser will start an audio call with me if I’m logged into a SIP client.
Next: using a Tropo app as a middleman for providing voicemail transcription and local numbers, improving/providing mobile UI.
After deliberating a little about how to “do” a composite homepage feed, whether or not I should forget about having “notes”, “music” and “articles” and just merge them all, coupled with the fact that I already use notes for replies, I have reached a simple conclusion, of which this post is the first demonstration.
/notes/ and what used to be “Notes” is now my de-facto dump for short-medium length chronological posts of all types. This covers notes, replies, checkins, short articles (basically named notes with more structure) and so on. Posts with a name live at /notes/DDD-name, those without names live at /notes/DDDSSS.
/articles/ retains all content which lived there in the past. Going forward it might become more of a wiki, or a place for very long things like Data Export.
/music/ will retain all it’s content, and be where I post standard musical notation tunes. Audio recordings of those tunes will be posted as audio posts with a link to the relevant tune.
Hopefully these changes, along with improved templating (post-type-specific DOM templates here I come) will make finding, posting and reading posts on #taproot a much more pleasant experience.
@sandeepshetty sure! gist.github.com/barnabywalters/7863676 — included the basic functions plus the convenience class I use and a little demo. Very specific to chronological post storage/indexing, and very much in flux. I’d be interested to hear your thoughts about it.
@sandeepshetty thanks! I’ve wanted to plot tag usage over time for a while now to see if there are any interesting patterns. I’m not using doctrine any more, in fact I’m not even using a SQL database for indexing until I really need one — data stored in yaml files, indexed by a csv file in ~210 lines of code — see also waterpigs.co.uk/notes/4TQNY2
When I post a note, #taproot adds one to the week counter for each tag, then I have an endpoint which makes that data into an SVG.
New in #taproot: tag listing page waterpigs.co.uk/tags with sparklines of per-week usage over the last year
New in #taproot: latest 3 articles and location of last checkin/location post on the homepage — hopefully some useful/interesting context.
Next: mobile-focused homepage design.
@chloeweil great article and great work implementing #POSSE! Interested in your choice to use a database for performance reasons, was that prompted by actual experience or just the cited help thread? fwiw I’m having no performance problems storing >2000 notes in flat files with a CSV file index
New in this version of #taproot:
The local maximum has been overcome, for now. There is still much to do.
And with that, a new release of #taproot was unleashed upon the web.
Had many basic software development lessons hammered in by personal experience over the last couple of years: hierarchy bad. side effects bad. many moving parts bad. undue complexity bad. inconsistency bad. SQL databases fragile. always be reducing.
It’s amazing just how seductive complex, unproductive tools can be. Successfully overcome+abandoned:
PHP remains productive and speedy (with composer, delightful dependency management), python nice with some irritations. jQuery useful when absolutely necessary, plain #js with small libraries loaded via requirejs handle most progressive enhancement concisely. node.js nice for some things, preferring go’s approach to async programming but still not much everyday need for it.
Avoiding middlemen: LESS, SASS, Coffeescript. Unnecessary for most of my work, and more moving parts is bad.
Now bothering me is the frameworky nonsense accumulating in #taproot. Need to cleanse.
I just faked having a task queue for #taproot #indieweb note posting tasks using Symfony HttpKernel::terminate()
and it was the easiest thing ever.
Instances or subclasses of HttpKernel
have a terminate($request, $response)
method which, if called in the front controller after $response->send();
triggers a kernel.terminate
event on the app’s event dispatcher. Listeners attached to this event carry out their work after the content has been sent to the client, making it the perfect place to put time-consuming things like POSSE and webmention sending.
Once you’ve created your new content and it’s ready to be sent to the client, create a new closure which carries out all the the time consuming stuff and attach it as a listener to your event dispatcher, like this:
$dispatcher->addListener('kernel.terminate', function() use ($note) {
$note = sendPosse($note);
sendWebmentions($note);
$note->save();
}
Then, provided you’re calling $kernel->terminate($req, $res);
in index.php, your callback will get executed after the response has been sent to the client.
If you’re not using HttpKernel and HttpFoundation, the exact same behaviour can of course be carried out in pure PHP — just let the client know you’ve finished sending content and execute code after that. Check out these resources to learn more about how to do this:
fastcgi_finish_request()
flush()
HttpFoundation\Request::send()
as a sample implementationFurther ideas: if the time consuming tasks alter the content which will be shown in any way, set a header or something to let the client side know that async stuff is happening. It could then re-fetch the content after a few seconds and update it.
Sure, this isn’t as elegant as a message queue. But as I showed, it’s super easy and portable, requiring the addition of three or four lines of code.
So I got in-stream reply contexts showing — perhaps summaries of #indieweb comments next? I like Facebook’s approach of showing the last 4, a total count and a “show me more” button, which could be implemented simply as a link to the note page initially.
Reply context stream example: http://waterpigs.co.uk/notes?tagged=reply
Still TODO: make the ↪ a link to the in-replied-to page, add the datetime to the title for that link, remove the in-reply-to info from the bottom of in-stream notes as it’s noise now