
Tagged "security"


Interesting discovery of the evening: it looks like Firefox will soon be sending all DNS through Cloudflare to enforce DNS-over-HTTPS.

I guess this is good because it obscures DNS queries from ISPs, but maybe bad because it pipes all Firefox traffic through Cloudflare? Having mixed feelings.

While this behavior is on by default, it can be disabled in settings.

mozilla wiki:Trusted Recursive Resolver

Link logging

WebAuthn; A better alternative for securing our sensitive information online

I’ve mixed feelings about this — but tbh, I am not in the least qualified to opine one way or the other. That being said, I’m really digging the .guide TLD.

Video of a Japanese Space Probe Touching Down on an Asteroid

While I was struggling to get some React and an API to cooperate, other people were landing a probe on an asteroid.

Grainy image of the probe’s landing zone

The Geography of America’s Mobile and “Stuck,” Mapped

The United States is facing a new class distinction: those who are mobile across state lines, and those who are stuck.

I catch myself (panicked) thinking about this a lot in the context of climate change, wondering where we should live if we are going to be stuck there.

Technical communication is particularly hard for newcomers

One of the key components to good technical communication is the right amount of context.

Cache-Control for Civilians

One of the most common and effective ways to manage the caching of your assets is via the Cache-Control HTTP header. This header applies to individual assets, meaning everything on our pages can have a very bespoke and granular cache policy. The amount of control we’re granted makes for very intricate and powerful caching strategies.

Handy dandy skip to point link

The Growing Complexity Of Developing Websites and the Growing Ease Of Using Site Builders

Developers like to develop. They like code and development tools and they’re bringing more of those things to the design and development of websites. Instead of writing HTML and CSS directly, now we’re told to write both inside Javascript.

Continuing,

The downside of this change is that it’s becoming more difficult for someone new (particularly on the design side) to enter the field. The barrier for entry is increasing as the requirements are growing more complex.

I think this is spot on — something that I believe is missing from this conversation, however, is that raising the barrier for entry also runs the risk of making the community even more homogenous.

The Great Divide

Very much in-line with the previous entry:

The divide is between people who self-identify as a (or have the job title of) front-end developer, yet have divergent skill sets.

This article is nice in that it spells out a solution, and offers some guidance for how best to talk about the work of front-end development…and points out that front-end development can mean a lot of different things to different people.

An exercise in progressive enhancement

A recent project I’ve been tinkering with was a good use case for me to familiarise myself with the actual implementation of a site that works without Javascript, but is enhanced by Javascript when it is available.

Making Things Better: Redefining the Technical Possibilities of CSS by Rachel Andrew

A CSS tech-talk liveblog,

CSS tries to avoid data loss.

Writing in Emacs

A nice little assortment of packages for writing words inside of emacs. I’ll also take this as an opportunity to plug my homespun config that I’m still really digging: tilde.el

Code hidden in Stone Age art may be the root of human writing

🤯

Climate crisis and a betrayed generation

Leading to ⤵️

The Servant Economy

West Marches: Running Your Own

Zelda Breath of the Wild meets table top gaming! An open world, sandbox style RP is something I’ve always wanted to try…maybe set on the high seas! 🏴‍☠️

Check out all these historical Jolly Roger flags from wikipedia

Shout out to the best from the collection, Jacquotte Delahaye’s “Back From the Dead Red” flag

Shout out to this, the greatest flag — a lady pirate dancing with a very jolly looking skeleton holding a spear.

Link logging

Tokyo Neapolitan: The New Wave of Japanese Pizza

If you are gonna do a thing, you might as well do that thing as well as you can. 🍕

The Famous Photo of Chernobyl’s Most Dangerous Radioactive Material Was a Selfie

…I looked through all the other captions of similar photos of the destroyed core, and they were all taken by Korneyev, so it’s likely this photo was an old-school timed selfie. The shutter speed was probably a little slower than for the other photos in order for him to get into position, which explains why he seems to be moving and why the glow from his flashlight looks like a lightning flash. The graininess of the photo, though, is likely due to the radiation.

Living Systems | James Grier Miller | 1978

Confession — I haven’t dug into this yet. As someone with 2 degrees in Human Ecology (e.g. the interdisciplinary study of people and our environment) I feel obligated to read this.

A bit more background on rights for nature.

Tending the Digital Commons: A Small Ethics toward the Future

What do I mean by the “open Web”? I mean the World Wide Web as created by Tim Berners-Lee and extended by later coders. The open Web is effectively a set of protocols that allows the creating, sharing, and experiencing of text, sounds, and images on any computer that is connected to the Internet and has installed on it a browser that can interpret information encoded in conformity with these protocols.

In their simplicity, those protocols are relentlessly generative, producing a heterogeneous mass of material for which the most common descriptor is simply “content.” It took a while for that state of affairs to come about, especially since early Internet service providers like CompuServe and AOL tried to offer proprietary content that couldn’t be found elsewhere, after the model of newspapers or magazines. This model might have worked for a longer period if the Web had been a place of consumption only, but it was also a place of creation, and people wanted what they created to be experienced by the greatest number of people possible. (As advertising made its way onto the Web, this was true of businesses as well as individuals.) And so the open Web, the digital commons, triumphed over those first attempts to keep content enclosed.

Autism from the inside

Reframing,

When I come across instances of this folk understanding of autism, I am reminded of Edward Said’s 1978 description of the orientalist gaze, in which the exoticised subjects endure a kind of fascinated scrutiny, and are then rendered without depth, ‘in swollen detail’.

…In this anaerobic environment, the qualities routinely assigned to autistic people — lack of empathy, unworldliness, humourlessness, the inability to love — are the exact inverse of the qualities that a neurotypical society most prizes.

For a moment, let’s flip things over. To an autistic viewer like me, neurotypical life can seem astonishingly unemotional. I’m so overwhelmed by the sensory onslaught of a busy room that I’m almost tearful, while neurotypical folk appear to wade through clouds of sound, light and odour, entirely oblivious. It’s hard to resist the impression that they’re numb, or unreal somehow. They are certainly displaying a lack of affect in the face of extreme provocation. Where I am in constant movement; they are somehow still.

The incredible nature of Abstract Art and how it can change the way you think about everything.

The point of the art wasn’t what you saw on the original painting, but what it left behind after you had looked at it. The experienced stayed and lingered with you. I thought this was incredible, and beautiful and amazing.

Variations On A Utilitarian Theme

Read along, if you will, as I tell a little story of sorts through a series of excerpts. It is essentially a story about the links among prevalent trends involving surveillance, data, security, self-documentation, and happiness.

The Ones Who Walk Away From…Facebook

How I lost my legs and gained… you want me to say something inspiring here

Don’t miss the author’s sneaker reviews.

Component frameworks and web standards

This post has three parts: in the first, I look at what I like about the “web standards stance” or a “vanilla approach”. In the second, I share what I liked when I used a JavaScript component framework. In the last part, I look at whether these two approaches are actually different: maybe I assumed a false dichotomy?

How to master advanced TypeScript patterns

This Medium post sneaks in a pretty solid overview of currying (as I understand it, at least).

We Need Chrome No More

The dominance of Chrome has a major detrimental effect on the Web as an open platform: developers are increasingly shunning other browsers in their testing and bug-fixing routines. If it works as intended on Chrome, it’s ready to ship. This in turn results in more users flocking to the browser as their favorite Web sites and apps no longer work elsewhere, making developers less likely to spend time testing on other browsers. A vicious cycle that, if not broken, will result in most other browsers disappearing in the oblivion of irrelevance. And that’s exactly how you suffocate the open Web.

Flashback to the last week’s link log, from Choo’s documentation:

A fun way to think about browsers, is as a standardized Virtual Machine (VM) that includes high-level APIs to do networking, sandboxed code execution and disk access. It runs on almost every platform, behaves similarly everywhere, and is always kept backwards compatible.

The Super Tiny Compiler

Learn about compilers by reading through a very tiny one.

Dynamicland

Our mission is to incubate a humane dynamic medium whose full power is accessible to all people.

Field Guide to Bash Terminals

A bit shorter than the bash man page. Good, basic, info.

A Beginner’s Guide To Dragon Ball

The biggest lie you’ll ever hear about Dragon Ball from both fans and critics alike is that there are long stretches of episodes full of attacks charging and nothing else. It was something I had always heard about the show and was warned about when I decided to check it out. I waited and waited for these fabled episodes and by the end of DBZ, I realized they don’t exist.

Once upon a time I watched a ton of Dragon Ball and One Piece…in French. They use the imperative tense a lot. I’d like to re-watch some of each in English one day.

Link Logging

“The Linux of social media”—How LiveJournal pioneered (then lost) blogging

Like many eventual household names in tech, LiveJournal started as a one-man project on a lark, driven by a techy teenager with too much time on his hands.

“Many” seems like a stretch, here. I think the modern cultural myth of the boy genius starting a big Internet thing is exactly that…a myth. Like most myths there is a glimmer or incipit bit of truth at the heart of it, but a myth does not define a pattern.

Canon Is An Abyss

On poop, wizards, authorial intent, the canon, the bible, and the abyss.

Complications arise, however, when authors write what amounts to fan fiction about their own works: aftermarket pieces which extend or challenge their previous output and what was assumed, perhaps incorrectly, to be the foundation they set. For better and worse a premium is placed upon authorial intent, and a creator issuing aftermarket canon is not unlike a contractor arriving at your house with a single brick and a mandate from the city, explaining “You don’t necessarily need this, but we think the place would be better if we added it.”

And later on,

All fictional canon is abyssal. The difference between canons is how deep we are encouraged to look, and by what method that encouragement is delivered. Pottermore tweets are one kind of encouragement to stare into the abyss of Harry Potter; but some works are designed as deeply abyssal. Doctor Who, soap operas, Star Wars, many long running comic series and the Dark Souls games allow their audience to become like Crowley’s magician: to sacrifice themselves to the depths of canon, become lost in the infinite void of often paradoxical possibility. These works do not unknowingly or only occasionally beckon their audience into the abyss of canon but take it as their ongoing structural mandate.

Mystery still surrounds hack of PHP PEAR website

A compromised package manager seems pretty much like a worst-case scenario situation. Throwback to the recent npm brouhaha.

Privacy Is Not Dying, We’re Killing It

Why hello-there provocative title! 👋

So we say we value privacy, but we hardly understand what we mean by it. Privacy flourishes in the attention economy to the same degree that contentment flourishes in the consumer economy, which is to say not at all. Quietly and without acknowledging as much, we’ve turned the old virtue into a vice.

“Privacy in the digital-age” is such an interesting concept, rife with issue for sure, but also…intriguing. It seems like, maybe, privacy is something that is a) more valuable than it used to be, b) a creative act. If we desire to interact online, we have to construct our privacy intentionally. Set it aside, tend to it.

Why Paper Maps Still Matter in the Digital Age

With the proliferation of smartphones, it’s easy to assume that the era of the paper map is over…research reveals that the paper map still thrives in the digital era, and there are distinct advantages to using print maps.

🗺

Digital interfaces are good for acquiring surface knowledge.

📱

Print maps help you acquire deep knowledge faster and more efficiently.

🏃‍♀️💨

Ultimately, I don’t think it should be a competition between physical and digital. In the future, people will continue to need both kinds of maps. Instead of arguing whether paper or digital is a better map interface, people should consider what map is the right tool for the task.

🤝

All of this NPM brouhaha has me wondering, what does a better solution look like? NPM has always been a reason I’m wary of modern JS dev. The whole ecosystem seems contingent on NPM as its central rail — what happens when it is bought, hacked, or just flakes? I pretend that quicklisp does it better, but I am really not sure, tbh. Is a centralized package manager always going to be a or even the central point of failure for a wider ecosystem? I regularly use a bunch of different package managers across a few different languages, is one better than the other? At the end of the day is there a better model to follow?

And so begins the process of debugging an SSL cert. bug….or possibly a redirect issue 🤷‍♂️

openssl s_client -connect quill.eli.li:443 </dev/null | grep "^SSL"

In reply to: spectre and the end of langsec -- wingolog

The basis of language security is starting from a programming language with a well-defined, easy-to-understand semantics. From there you can prove (formally or informally) interesting security properties about particular programs.

Continuing…

But the Spectre and Meltdown attacks have seriously set back this endeavor. One manifestation of the Spectre vulnerability is that code running in a process can now read the entirety of its address space, bypassing invariants of the language in which it is written, even if it is written in a “safe” language. This is currently being used by JavaScript programs to exfiltrate passwords from a browser’s password manager, or bitcoin wallets.