Passover circa 1984
IndieWebCamp Berlin is an all-levels BarCamp-like collaboration in Berlin for two days of keynotes, brainstorming, creating, teaching, and helping gain more control over our data and lives online!
The ninth annual gathering for independent web creators of all kinds, graphic artists, designers, UX engineers, coders, hackers, to share ideas, create and improve their personal websites, and build upon each others creations.
Simple Location 3.7.0 Released
Simple Location Version 3.7.0 was released. This version fixes an issue where Micropub post locations were not showing because they were defaulting to private.
Going forward, Micropub posts with a location property will be set to public by default unless the client sends information indicating otherwise.
To support fixing the ones set incorrectly, there is now a bulk action to set multiple posts to private or public.
For Micropub posts without a location property, there is now a setting to add one from the backend geolocation provider. This will obviously not work with the web browser based provider, only the ones that work in the background. There are currently 2 bundled in.
- Set Location from Author Profile – This will always pull the location set in the user’s metadata. You can read about how to set this here. Thereotically, any external provider that supports HTTP requests could use this
- Compass – Aaron Parecki’s location storage system. I selfhost my own copy.
In a future update, will be looking to set Compass API lookup per user so each user could have a separate feed for location.
Went for a walk.
Simple Location 3.6.3 Released
Version 3.6.3 of Simple Location has been released. This adds Aaron Parecki’s Compass server as a location provider.
Location providers in Simple Location look up the current location of the user. As I write this, I realize that I set it up to globally look up the location, and I could make it, since Compass has users, allow for a different lookup per user. Future feature, I suppose, along with looking up historic location.
Since I hate to do just one thing, I added in a new weather provider that had been on my list, APIXU.
The goal I have in adding as additional providers that perform the same function…map, weather, location, reverse geocoding, elevation is that I do not want to be beholden to one company. If my access shuts down, I can switch to another one. Someday, I may implement automatic fallover.
Setting up Compass with GPS Logger for Android
After much debate about whether to build my own solution or install one, I installed Aaron Parecki’s Compass.
Compass is a GPS Tracking server. It is specifically tailored to an iOS app Aaron developed called Overland. Which creates a problem as I am an Android user.
So, I needed an Android app that could send data to Compass. I tried GPS Logger. It is a popular GPS Logging app, although I’m not sure if it was intended for 24 hour a day use. It seems the biggest use cases it is used for would be gps tagging of photos and tracking hacks.
It supports logging to a custom URL. THe following settings have to be set
- URL: https://example.org/api/input?token=xxxxxxxxxxxxxx
- HTTP Header: Content-Type: application/json
- HTTP Method: POST
- HTTP Body: { “locations”: [ { “type”: “Feature”, “geometry”: { “type”: “Point”, “coordinates”: [%LON, %LAT, %ALT] }, “properties”: { “timestamp”: “%TIME”, “speed”: %SPD, “direction”: %DIR, “activity”: “%ACT”, “provider”: “%PROV”, “battery_level”: %BATT, “horizontal_accuracy”: “%ACC”, “annotation”: “%DESC”, “device_id”: “%SER” } } ] }
The above sends a variety of preset parameters GPS Logger provides in the format Compass expects.
Micropub 2.0.9 Released
Micropub Version 2.0.9 was released. It includes support for media endpoint queries q=last, which retrieves the last image uploaded, as well as q=source, which is not fully fleshed out as a return option.
It also adds a key to the uploaded media from the Micropub endpoint so you can query items uploaded via the endpoint vs ones not.
Adds a filter to help generate post slugs from microformats data.
Released a new version of Post Kinds. This fixes the ?kindurl= variable that externally sets the URL in the post editor to allow it to be passed from another program. It also adds a basic template for and enables usage of the eat and drink kinds.
Realized that the IndieAuth for WordPress update I pushed last week, because it uses more secure SHA256 hashing, should have prompted people to refresh their tokens. Sorry everyone. You’ll have to revoke your old tokens and get new ones. Apologies. Good opportunity to visit the manage token page under the User menu if you’ve never seen it.
Tonight, I went to hear the megillah as tonight is Purim. I was remembering when I was in college, was sick, and someone came to my room to read the megillah and used my dresser as the bimah.
Indieauth for WordPress 3.3 Released
The 3.3 branch of IndieAuth for WordPress is now available.
- PKCE Support is now present in Indieauth for WordPress. PKCE protects against intercepted authorization codes by ensuring a token endpoint can confirm that the client attempting to redeem an authorization code is the same client that requested it.
- Token generation is now done using SHA256, as opposed to the built-in WordPress Hashing.
WordPress hashing combines key stretching with eight passes of MD5. MD5 by itself is not very secure, but the WordPress hashing is much more so. The reason why a hash that isn’t more secure isn’t in WordPress Core itself is the fact that the features require newer versions of PHP than WordPress’s minimum version.
The change to using SHA256 bumps the minimum PHP version of the plugin to PHP5.4. That said, WordPress itself has scheduled finally upping its minimum to PHP 5.6 in WordPress Version 5.2 scheduled to be released next month, and will be looking to leverage anything useful in those versions. That may also cause WordPress itself to change its hashing to something less controversial.
The 3.0 branch of IndieAuth has added a lot of useful features.
The last release added profile support for returns, which allows a client to get the name and avatar of the user associated with the token, for display. The WordPress plugin was the first IndieAuth endpoint to adopt this experimental option, which is still under development, and Quill had to be updated to support it as a reference implementation.
IndieAuth is a fairly stable plugin, but there are still opportunities in future for expansion. A few things I’d like to do in future.
-
- Invalidate Tokens when a User Changes their Password
- Bulk Actions to Expire Tokens
- Implement Scope Support – Right now this is handled by whatever is being accessed, not the Indieauth plugin itself. This would be possible by mapping scopes to WordPress user capabilities.
Curious what others might want to see.
Indieweb Post Kinds 3.2.0 and Micropub 2.0.8 Released
Tonight, two releases of WordPress Indieweb plugins.
Micropub 2.0.8 was released, adding some minor changes to support the new check-in option offered in Indigenous for Android.
Indieweb Post Kinds 3.2.0 was released. It switches from SVG sprites to inline SVG icons, removes some extra files that were bundled as part of the plugin but only needed in the development version, and adds a basic template to display events and itineraries published via Micropub.
It also includes the latest version of Parse This, which handles the storage of microformats in WordPress as well as parsing and processing data from URLs for the link previews.
This adds a bunch of fixes to functionality, despite the fact that this is an incremental update to Post Kinds itself, it should be a better experience, as the ability to get title and data out of Youtube is back, along with enhancements to extract author information out of additional sites.