Since adding user authentication to Publ, I’ve been thinking of ways of allowing people to subscribe to sites from feed readers while getting their own native authorization, so that people can see entries directly in their readers rather than needing the clumsy mechanisms of unauthorized placeholder entries.
Out of the box, Publ authentication does support a shared cookie jar; if you can provide your cookies to your feed reader in some way, then things will Just Work. Unfortunately, I don’t know of any feed readers that actually support this, at least not easily. (Back when most browsers had a feed reader built-in this was a lot simpler. But time marches on.)
The two mechanisms which seemed most promising are AutoAuth and “magic links,” where users get signed URLs that come pre-authenticated and show the full authorized content for that user. AutoAuth is still in a draft phase that’s stuck in a chicken-and-egg situation (and also requires a lot of buy-in to IndieWeb protocols, which is still a pill too large to swallow for most of the folks who follow my blog), so magic feed links seemed like the best path forward.
Improved and simplified the caching behavior (fixing some fiddly cases around how ETags and last-modified worked, or rather didn’t)
I also made, and then soon reverted, a change around how entry IDs and publish dates were automatically assigned to non-published entries. I thought it was going to simplify some workflow things but it only complicated the code and added more corner cases to deal with, all for something that doesn’t actually address the use case I was worried about. So never mind on that.
(What happened to v0.3.8? I goofed and forgot to merge the completed more_text et al changes into my build system first. Oops.)
I’ve started working on Pushl in earnest now, and one thing that was really bugging me about this is that anything which polls feeds and entries would really benefit from having client-side cache control working. Which was a big missing feature in Publ.
The short version: for any given view it figures out (pessimistically) what’s the most recent file that would have affected the view (well, within reason; it only looks at the current template rather than any included templates, which is pretty difficult to do correctly) and uses that to generate an ETag (via metadata fingerprint) and a Last-Modified time (based either on the file modification time or the time the entry was actually published).
There’s probably a few corner cases this misses but in general this makes client-side caching of feeds and such work nicely.
I found a few more annoying bugs that were shaken out from the whole PonyORM transition, as well as a couple of bugs in the new shape functionality. There’s probably a few more of these bugs lurking in the codebase (I mean, in addition to the existing bugs I know about), but here’s what’s changed:
Image shape bugs:
Fix some FileNotFound handling on images (so shape errors propagate correctly)
Make img_class and class work correctly per the documentation
Did you know that CSS3 has a style called shape-outline? It’s pretty neat, it makes it so that a floated object gets a shape based on the alpha channel of its specified image. But it’s kind of a pain to set up; in plain HTML it looks something like this:
and if you want a different shape mask for your image than its own alpha channel, you have to do a bunch of stuff like making sure that the image sizes are the same and whatever.
For a number of reasons, I have replaced the backing ORM. Previously I was using peewee, but now I’m using PonyORM. The primary reason for this is purely ideological; I do not want to use software which is maintained by someone with a track record of toxic behavior. peewee’s maintainer responds to issues and feature requests with shouting and dismissive snark; PonyORM’s maintainer responds with helpfulness and grace. I am a strong proponent of the latter.
PonyORM’s API is also significantly more Pythonic, and rather than abusing operator overloads for clever query building purposes, it abuses Python’s AST functionality to parse actual Python expressions into SQL queries. Seriously, look at this explanation of it and tell me that isn’t just amazing.
So, sorry to anyone who was subscribed to the RSS feed for this and got spammed with v0.1.24 release announcements. I made a mistake and pushed a version of the entry that didn’t have a canonical ID assigned yet, and as a result, every time Heroku spun up, it assigned a new ID. This is something that’s happened before and I really ought to do something about it.
Three things come to mind:
Figuring out how to always make IDs get assigned in an idempotent manner (hard to do correctly)
Don’t run on Heroku so the assignments persist between executions (easy)
Add a pre-push hook to the repo that verifies that all entries alread have an assigned ID (???)
2 seems like the easiest approach for now, so that’s what I’ll probably do.
There’s an old joke in programming, that the two hardest things to do are naming things, cache invalidation, and off-by-one errors. But this doesn’t pay sufficient respect to one of the other hardest things, namely handling date and time.
Today I got two major bits of functionality in: Publ will now asynchronously scan the content index (which speeds up startup and fixes some annoying race conditions with entry creation), and it also asynchronously generates image renditions (which makes pages not take forever to load on first render, and will also use multiple CPU cores if available). Seems to work well so far.
I was running into scaling problems with beesbuzz.biz (what with there being a couple thousand entries and some pages with hundreds of images on it) and this keeps it feeling pretty good.
I’ve had people ask me why I’m not building Publ using PHP. While much
has been written on this subject from
a standpoint of what’s wrong with the language (and with which I agree quite a lot!), that isn’t, to me, the core of the problem with PHP on the web.
So, I want to talk a bit about some of the more fundamental issues with PHP, which actually goes back well before PHP even existed and is intractibly linked with
the way PHP applications themselves are installed and run.