Fall leaves on the sidewalk with a bit of a green bush visible in the top right corner
Sunset on the beach

1. San Diego can have little a fall, as a treat.

2. They took an hour from us but at least I can still enjoy this.

★★★☆☆ Live Wire by Harlan Coben

The plot was kind of average and the reveal at the end seemed far-fetched, but overall an enjoyable read. I picked this one up from a neighborhood Little Free Library because I had read one of Coben’s other books and enjoyed it. I didn’t realize it was part of a series, but it worked alright as a standalone read.

Finished reading: Live Wire by Harlan Coben (ISBN 9780525952060)

Joe brought CSS Battle to my attention today. I enjoy CSS but most of my daily work with it is routine stuff like forms, nothing too fancy or creative. I decided to try it out and in true indieweb fashion, I wanted to post the results on my site.

The 2023-11-14 Daily Target seemed like a good chance to brush up on CSS Grid. I got my solution down to 342 characters when minified. I must say it hurt a little to remove the quotation marks on HTML attributes. :]

It looks like the daily target switches over at midnight UTC, so I was too late to submit this today. Still a fun exercise and looking forward to more.

I like this CSS image reset after watching Kevin Powell’s walkthrough.

Also intrigued by the post he linked, “The Ultimate Low-Quality Image Placeholder Technique.”

In reply to: https://www.jvt.me/mf2/2023/11/imcyu/

Not sure that can work directly with the GROUP_BY query, but I tried below with only SUM and IF. It will depend on how the "quantity" of each type works. Below assumes it's quantity=1 for each.

	SUM(IF(advisory_type = 'SECURITY', 1, 0)) AS total_security
	,SUM(IF(advisory_type = 'DEPRECATED', 1, 0)) AS total_deprecated
	-- conditions
	-- need to group by something here

In reply to: https://github.com/indieweb/indieauth/issues/127

I’ve implemented this: my ticket_endpoint will accept a (currently optional) iss parameter. If that’s included, the endpoint will check that the issuer URL advertises indieauth-metadata endpoint and is valid as described in the spec.

I think I like this solution to the privacy concern. It also avoids the overhead of advertising endpoints on multiple resource URLs. So I lean towards requiring the iss when sending a ticket. However, I’m not sure how many implementations might send an issuer URL that does not advertise the metadata endpoint.

I now have the building blocks for Ticketing for IndieAuth set up.

On my staging site, the metadata endpoint now advertises the ticket_endpoint. That endpoint is accepting POST requests with parameters: ticket, resource, and subject. If the request is valid, it will be stored and return HTTP 202 with the message “Accepted.” Tickets are not automatically redeemed yet.

In the IndieAuth module admin, I set up a page to issue a ticket by entering a URL for “Allow access to” (the resource) and “Send ticket to” (the subject). Submitting that form will check the subject URL for an indieauth-metadata endpoint that advertises a ticket_endpoint. If that is found successfully, a ticket is created and sent there.

Finally, I updated the token_endpoint to accept POST requests with grant_type=ticket and exchange the ticket for an access token.

Next I will be working on automatically redeeming received tickets for access tokens and setting up some private posts to work with granted access tokens.

I am currently using the same code that generates authorization codes to make the tickets. I think this should work fine because it already handles creating an opaque string that is valid for a short period of time (5 minutes). The module also ensures these can only be used once and logs key information for each request like client_id (source code). I need to run some tests to ensure tickets can’t be used as authorization codes and I might need to add some metadata to differentiate the two in the admin area.

Feel free to try to send a ticket to my staging site and ping me in IndieWeb dev chat. I can also send you a ticket if you’d like to try that out. I look forward to discussing this with other implementers!

The CDC’s HICPAC has proposed guidance that will weaken infection control in healthcare settings. They have a rather short period for written comments, “…opened November 1, 2023, and will close at 11:59 pm on November 6, 2023.” I presume that is Eastern timezone.

Below is the message I sent, including links to more information. Please take a moment and send an email yourself! hicpac@cdc.gov

Subject: Strengthen infection control guidance

To: CDC’s Healthcare Infection Control Practices Advisory Committee (HICPAC)

I am writing to join my voice with the National Nurses United (NNU), People’s CDC, and thousands of experts in public health — calling on HICPAC to strengthen the guidance on infection control and fully recognize the aerosol transmission of SARS-CoV-2. The proposed updates weaken the guidance and do not adequately follow the current science on transmission. This will put more healthcare workers and patients at risk.

I am also urging more openness and transparency in your processes. You should be seeking input from frontline workers and other experts in respiratory health. Draft guidance should be published along with the scientific evidence well in advance, with an ample time for the public to make written comments.

Thank you,
Gregor Morrill

The border:none conference was in Germany last week followed by an IndieWebCamp event, so several indieweb people were there. In the chat, the amount of current Covid cases was brought up and a mention of how few were masked in a crowd of about 200.

My heart sank — a feeling I’m unfortunately getting more and more used to. I commented “in-person conferences may just be a thing of the past for me at this rate 🫠.” I followed that with an explanation that it’s the psychological and emotional weight of being in spaces like that. I have to psych myself up. It feels really isolating; the “alone in a crowded room” feeling.

Tantek helpfully tried to put a positive frame on it as “an interesting exercise in independence and not bowing to implied / perceived social pressure” and the idea that it can help train us to be independent thinkers. I’ve been thinking on that for a bit now. I think there is some truth to that, but I also feel pretty well-trained in that regard after almost 4 years of this.

For me, it’s important to remember that the context of this training is the nearly unmitigated spread of a virus with long-term health impacts. That’s a big part of the psychological weight. I can’t emphasize enough how important community care has become to me. It’s not just my health that I’m concerned about when I’m in a crowd. Looking around and seeing that the majority are not taking basic precautions (for whatever reason) really weighs on me. We know these precautions make everyone safer, but so many people have bought into the hyper-individualism of the moment.

I love the work that Clean Air Club is doing in Chicago, crowdfunding and trying to make concerts safer by providing free air purifiers. They posted a reel recently that I think explains the importance of being proactive in prioritizing Covid safety and accessibility. Here is a transcript of the audio (emphasis mine):

Going to shows the past few years, it seems like nobody is masking anymore. But the reality is that Covid cautious people are being pushed out of these spaces. There’s a selection bias at crowded events. If you do attend and choose to mask, you feel like the only one. But you’re not.

This is a classic paradox of inaccessibility. Because a space is inaccessible to Covid cautious people, they aren’t able to join. But because they aren’t able to join, it appears that there is no demand for Covid cautious spaces. It’s feedback loop that entrenches ableism in our music scene. Artists, event hosts, and venues most of all have an obligation to interrupt this loop.

Prioritize Covid safety.

Clean Air Club,

This has me mulling over what policies I will promote if/when I’m in a position to organize in-person events again, as well as what I will request/encourage other event organizers to implement. I hope to write more on that soon.

Welp, the Instagram gods decided that this comment was spam/abusive and immediately removed it. My first guess is the fist emoji, but the common meaning of that is “solidarity,” especially in the context of an activism post like that. I tried to comment again without that emoji but got a generic “try again later” message. Maybe the automated system thinks it’s a misleading comment about IG features, but it’s not.

Today I tried commenting on someone else’s Halloween costume and got a more extensive message:

“Try again later. We restrict certain activity to protect our community. Based on your use, this action will be unavailable for you until 2023-10-31. Tell us if you think we made a mistake.

Learn more in account status (link)”

Of course that learn more link doesn’t work and only takes me back to the homepage. Seems pretty excessive for leaving a friendly comment on a mutual’s post — not even a stranger.

In reply to: https://www.instagram.com/p/Cy_8O1eP-VK/

🔥 Awesome! Can I suggest adding the text for each image in the alt text? That makes it more accessible for screen readers. Can be set from the three dots menu, edit, then edit alt text. ✊

I realized this month has been 6 years of me living in San Diego. That’s wild. That’s the longest I’ve lived in one place since I left Indianapolis in 2011. Of course it hasn’t felt that long because I still feel stuck in time in 2020.

In reply to: https://bsky.app/profile/gretchenalice.bsky.social/post/3kcql2rwo2k2a

Like they say, write what you know.