Sam Wilson's Website

August 2021

  1. By .

    The file that is attached to this post.

  2. By .

    The file that is attached to this post.

  3. By .
  4. By .
  5. By .

    The file that is attached to this post.

  6. By .

    I’ve been cutting more tenons, and experimenting with the accuracy of the cheek cuts: I mark out the width of the tenon from the mortise chisel, laying it on the end grain of the piece. This is marked with a sharp pencil, rather than a knife, because the actual line is scored with a marking gauge (off the face side). It’s easy to mark the pencil point, and not too hard to cut to the line, but the trick seems to be in how the gauge is set in relation to the pencil mark. It needs to be just on the outside of the width of the graphite, rather than marking the actual width of the chisle — when the mortise is cut, it’ll be slightly wider than the chisel, by a matter of 0.5 mm or so, and so the saw cut needs to take this into account. Get it right, and the tenon will fit the mortise snugly (i.e. not too tight, and not with too much air). I’ve been varying the line by tiny amounts for each one I’m doing, and it’s surprising how much difference it makes to the final fit. One day I’ll be able to do a good one repeatably!

  7. By .

    The file that is attached to this post.

  8. By .
  9. By .

    Everyone says you should’ve build your own blogging platform, because then all you’ll ever write about is the platform itself and no one wants to read that. It’s a fairly accurate idea, unfortunately. In my defence, I’m actually finding that having my own blogging (and photo) platform is saving me lots of time on things like copying photos to Commons and finding duplicates — so even if no one reads any of this, it’s still been worth making this thing.

    Anyway, one of the reasons I’ve always avoided building my own platform is that I’ve been worried about security. I’m feeling a bit better on that front now, because of using a bunch of common Symfony patterns and libraries, and also now because I’ve added two-factor authentication to it.

    This means that, after registering a new account and logging in, users are not able to view any page on the site until they’ve set up 2FA. Instead, they’re presented with a QR code, which they scan with a phone app such as Google Authenticator, and that app gives them a six-digit code that is entered in a text box under the QR code. This info is saved against their user account (and for simplicity, it’s only possible to have one such pairing at the moment), and next time they log in they need to provide three pieces of information: their username, password, and a six-digit code from the app.

    There are plenty of issues with my implementation: it forces 2FA; doesn’t have backup codes; doesn’t allow multiple devices; can’t easily be reset; and the login flow is likely quite confusing. I’m happy enough at the moment because none of these are security issues, and I’ll slowly work my way through fixing them. Primarily, I wanted to make the site more secure, and as all the users are either me or people I know personally, I can handle any usability issues.

    I think this is one of the great things about indieweb development: you build what you need, as you need it, and you don’t have to cater to some unknown simplified user. I do try to build everything here as general and reusable as possible (such that it should be possible for someone to set up their own Twyne-powered site, although I dare say that’s reasonably unlikely), but I no longer think it’s worth compromising on features that I actually want.

  10. By .

    I’ve added two-factor authentication support to Twyne. I’ve had this work done for ages, but just haven’t found time to actually merge and deploy it, but I’ve done that now.

    Perhaps at some point I’ll get back to sorting out photos.