David Shanske

  • New York New York United States

My day job is in training for an airline. I also develop Indieweb WordPress plugins so that others can take control of their online identity.

Today is Columbus Day/Indigenous Peoples Day in the United States. In honor of same, I’m writing about Lebn Zol Kolumbus, a song from the 1915 Thomashefsky production, Der grine milyoner. In the song, the immigrant characters praise Columbus for setting in motion the events that led to an America of opportunity for them.

Jane Peppler’s rendition comes with historic notes, as she includes the two verses that were removed by the time the play launched in 1915, which included references to the case of Leo Frank and an anti-immigration bill. It is also the only version I found online with subtitles.

The musical Ragtime even pays tribute to the song in their song, A Shtetl Iz Amereke, where some of the lyrics and tune of the song were incorporated into, though played at a lower tempo.

For more about the Thomashefskys, I recommend their grandson’s musical tribute to them that was broadcast on PBS in 2012.

I heard some social networks were down. As long as I have my website, my social network is always running. If you’re interested, join the #indieweb community on Wed at 6PM PST/9PM EST for Homebrew Website Club, this weekend for Create Day. All events at events.indieweb.org.

IndieAuth for WordPress Version 4.1.0

IndieAuth 4.1.0 was Released. One of the biggest changes were fixes as a result of the doubling of unit tests, which allowed several small scenarios to be troubleshooted, as well as other under the hood fixes.

In addition, the introduction of refresh tokens and an introspection endpoint, as discussed in the last Indieauth popup.

Finally, an experimental ticket auth endpoint, which is disabled by default, which can be enabled by added define( ‘INDIEAUTH_TICKET_ENDPOINT’, true ); to your wp-config.php file.

Ticket Auth is an developing spec that I’ve commented on before. This endpoint received tickets and redeems them…and at the moment, nothing else(which is why it is not enabled by default). That and the fact that we have not yet iterated on how to use the token once it is received.

IndieAuth Popup – August 2021

At the end of last month, a group got together to discuss some of the outstanding issues in IndieAuth. We had two similar sessions in 2020 and the specification is better for it(see Aaron Parecki’s summary of changes), however, we left many issues on the table due time considerations.

The spec hasn’t been updated yet, but here are some notes on the new changes. We’re hoping to follow up at another session before the end of the year.

  • Tokens having an expiration is now recommended, but not mandatory. This would mean the token endpoint would return the ‘expires_in’ parameter as part of the access token response, indicating the number of seconds till it expires.
  • In order to support expiring tokens, the access token response may now return a refresh token. The token endpoint will support the grant_type refresh_token in order to utilize these tokens to get a fresh access token. Refresh Tokens are common in OAuth2 and there would be no changes from the existing specifications.
  • Adoption of the OAuth2 Token Introspection Specification, with the token endpoint acting as the token introspection endpoint. At this time, that spec requires authentication to use the endpoint, whereas IndieAuth’s existing token verification interaction does not. This question is ongoing, as to whether we should specifically drop the auth requirement.