G7 Comes Out in Favor of Encryption Backdoors

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

From a G7 meeting of interior ministers in Paris this month, an “outcome document”:

Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the rule law and due process protection. Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption;

There is a weird belief amongst policy makers that hacking an encryption system’s key management system is fundamentally different than hacking the system’s encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.

The G7’s proposal to encourage encryption backdoors demonstrates two unsurprising things about the politicians in attendance, including that:

  • They’re unwilling to attempt to force Internet companies to add backdoors (e.g. via legislation, fines, etc.), making their resolution functionally toothless, and
  • More-importantly: they continue to fail to understand what encryption is and how it works.

Somehow, then, this outcome document simultaneously manages to both go too-far (for a safe and secure cryptographic landscape for everyday users) and not-far-enough (for law enforcement agencies that are in favour of backdoors, despite their huge flaws, to actually gain any benefit). Worst of both worlds, then.

Needless to say, I favour not attempting to weaken encryption, because such measures (a) don’t work against foreign powers, terrorist groups, and hardened criminals and (b) do weaken the personal security of law-abiding citizens and companies (who can then become victims of the former group). “Backdoors”, however phrased, are a terrible idea.

I loved Schneier’s latest book, by the way. You should read it.

Note #13422

Two small plastic ducks; one blue, one yellow.

Our youngest, aged 2, may have just come up with his first joke.

Yellow duck: Quack quack quack. Quack quack quack quack.

Blue duck: Shut up. I hate quacking.

Avengers Endgame: The Marvel Cinematic Universe explained

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The Marvel Cinematic Universe in Chronological Order (almost)

Who’s for a rewatch of the entire Marvel Cinematic Universe, in the “correct” order, before Endgame? No?

The thinking behind this infographic (and in particular the shuffling of Ant-Man and the Wasp behind Infinity War) is like an even bigger, possibly-nerdier variant of the kind of thinking that led to Star Wars – Machete Order.

Edge Blink and Progressive Web Apps

As I’ve previously mentioned (sadly), Microsoft Edge is to drop its own rendering engine EdgeHTML and replace it with Blink, Google’s one (more of my and others’ related sadness here, here, here, and here). Earlier this month, Microsoft made available the first prerelease versions of the browser, and I gave it a go.

Edge Canary 75.0.131.0 dev
At a glance, it looks exactly like you’d expect a Microsoft reskin of Chrome to look, right down to the harmonised version numbers.

All of the Chrome-like features you’d expect are there, including support for Chrome plugins, but Microsoft have also clearly worked to try to integrate as much as possible of the important features that they felt were distinct to Edge in there, too. For example, Edge Blink supports SmartScreen filtering and uses Microsoft accounts for sync, and Incognito is of course rebranded InPrivate.

But what really interested me was the approach that Edge Dev has taken with Progressive Web Apps.

Installing NonStopHammerTi.me as a standalone PWA in Edge
NonStopHammerTi.me might not be the best PWA in the world, but it’s the best one linked from this blog post.

Edge Dev may go further than any other mainstream browser in its efforts to make Progressive Web Apps visible to the user, putting a plus sign (and sometimes an extended install prompt) right in the address bar, rather than burying it deep in a menu. Once installed, Edge PWAs “just work” in exactly the way that PWAs ought to, providing a simple and powerful user experience. Unlike some browsers, which make installing PWAs on mobile devices far easier than on desktops, presumably in a misguided belief in the importance of mobile “app culture”, it doesn’t discriminate against desktop users. It’s a slick and simple user experience all over.

NonStopHammerTi.me running as a standalone PWA in Edge Dev.
Once installed, Edge immediately runs your new app (closing the tab it formerly occupied) and adds shortcut icons.

Feature support is stronger than it is for Progressive Web Apps delivered as standalone apps via the Windows Store, too, with the engine not falling over at the first sign of a modal dialog for example. Hopefully (as I support one of these hybrid apps!) these too will begin to be handled properly when Edge Dev eventually achieves mainstream availability.

Edge provides an option to open a page in its site's associated PWA, if installed.
If you’ve got the “app” version installed, Edge provides a menu option to switch to that from any page on the conventional site (and cookies/state is retained across both).

But perhaps most-impressive is Edge Dev’s respect for the importance of URLs. If, having installed the progressive “app” version of a site you subsequently revisit any address within its scope, you can switch to the app version via a link in the menu. I’d rather have seen a nudge in the address bar, where the user might expect to see such things (based on that being where the original install icon was), but this is still a great feature… especially given that cookies and other state maintainers are shared between the browser, meaning that performing such a switch in a properly-made application will result in the user carrying on from almost exactly where they left off.

An Edge PWA showing its "Copy URL" feature.
Unlike virtually every other PWA engine, Edge Dev’s provides a “Copy URL” feature even to apps without address bars, which is a killer feature for sharability.

Similarly, and also uncommonly forward-thinking, Progressive Web Apps installed as standalone applications from Edge Dev enjoy a “copy URL” option in their menu, even if the app runs without an address bar (e.g. as a result of a "display": "standalone" directive in the manifest.json). This is a huge boost to sharability and is enormously (and unusually) respectful of the fact that addresses are the Web’s killer feature!  Furthermore, it respects the users’ choice to operate their “apps” in whatever way suits them best: in a browser (even a competing browser!), on their mobile device, or wherever. Well done, Microsoft!

I’m still very sad overall that Edge is becoming part of the Chromium family of browsers. But if the silver lining is that we get a pioneering and powerful new Progressive Web App engine then it can’t be all bad, can it?

Dan Q found GCHDZH Cobblers! (Dorset)

This checkin to GCHDZH Cobblers! (Dorset) reflects a geocaching.com log entry. See more of Dan's cache logs.

Just visiting while dropping off my brother in law for his sponsored 500 mile “Lyme Regis to Limekilns on a Lime Bike” cycle, and thought I’d hit a couple of local caches before I set off back to Oxford. Great hiding place and a well maintained cache, thanks!

Dan Q found GC61PA7 In the Lyme light

This checkin to GC61PA7 In the Lyme light reflects a geocaching.com log entry. See more of Dan's cache logs.

While dropping off my partner’s brother and his friend on their 500 mile “Lyme Regis to Limekilns on a Lime Bike” sponsored cycle ride, I took the opportunity for a quick grab of this nicely hidden cache. Logbook rather wet, needs replacing. TFTC!

Robin Varley is fundraising for Campaign Against Living Miserably

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Remember ‘Conquer The Twatts’?

No!?

Fair enough – well last year Magnus, our good friend Sergio and I hitch-hiked from Brick Lane (London) to Twatt (Orkney, Scotland) 766 miles away. We did it in 32 hours thanks to the generous nature of the people that helped out – including drivers, a pilot and a ferry service (thanks again, you amazing humans!!).

We raised 4 x our intended amount and arrived back in London with time to spare and, frankly, a hankering to do it all over again.

So like Shackleton, Fiennes and Thomas Stevens before us, on the 19th April 2019 Magnus and I – dressed in lime green morph suits – will depart Lyme Regis, Dorset on Lime Bikes (Google them, they’re awesome) for Limekilns, Scotland – 500 miles away (sadly Sergio won’t be joining us for this one).

As with last year, we’re raising for the Campaign Against Living Miserably.

Unlike last year we’re working in association with Lime Bike, who have given us their full support for this trip – so a massive thank you to Conor and the UK team for endorsing us two idiots!

Ruth‘s brother, whom you may recall me writing about during Challenge Robin I and Challenge Robin II (and the impact the weather had on it, and on me), our New Year’s ascent of Ben Nevis, or my ill-fated bet that he couldn’t jump a river, is on his latest adventure. Following in the footsteps of his effort to conquer the Twatts (which I shared previously), and reminiscent of his cycle to Brighton on a Boris Bike, he’s once again raising money for the Campaign Against Living Miserably with an outrageous adventure well-worthy of your support.

This time around, he and his friend Magnus are riding Lime e-bikes from Lyme Regis, which is almost as far South as you can get in mainland UK, to Limekilns, which is on the “other” side of the Firth of Forth (where the wildlings live). Like Challenge Robin II, there was a fuck-up with the trains and I had to drive him from Oxford to Lyme Regis, but at least I got to find a couple of geocaches while I was down there (one, two).

Anyway: you can follow his adventure via Instagram, but what you really ought to do is go donate money to the cause: or if he’s heading broadly your way: offer him a bed for the night so he doesn’t have to kip in a tent while his batteries charge in the nearest friendly pub.

Goodbye Google Analytics, Hello Fathom

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Big news! This site is no longer using Google Analytics and I’ve switched to a self-hosted version of brand new analytics product Fathom.

Fathom Analytics dashboard

Fathom is very simple. It only tracks 4 things: Unique Visitors, Page Views, Time on Site, and Bounce Rate. It shows me a chart of page views and visitors and then gives me a break down of referrers and top performing content. That’s it. And to be quite honest, that’s about all I need from my blog analytics.

You know what, Dave: me too! I’ve been running Google Analytics since forever and Piwik/Matomo (in parallel with it) for about a year and honestly: I get more than enough of what I need from the latter. So you’ve inspired me to cut the line with Google: after all, all I was doing was selling them my friends’ data in exchange for some analytics I wasn’t really paying attention to… and I’d frankly rather not.

So: for the first time in a decade or so, there’s no Google Analytics on this site. Woop!

Update 2023-12-13: I eventually went further still and dropped all analytics, even self-hosted variants, and it feels great.

The Four-Handed Condom

Content warning: rape.

You’ve probably seen the news about people taking a technological look at the issue of consent, lately. One thing that’s been getting a lot of attention is the Tulipán Placer Consentido, an Argentinian condom which comes in a packet that requires the cooperation of two pairs of hands to open it.

Four hands opening a Placer Consentido packet
I’ve seen simpler escape room puzzles.

Naturally, the Internet’s been all over this shit, pointing out how actually you can probably open it with just two hands [YouTube], how it’s inaccessible [YouTube] to people with a variety of disabilities, and how it misses the point by implying that once the condom is on, consent is irrevocable. A significant number of its critics try to make their claims more-sensational by describing the Placer Consentido as “a real product”, which is a bit of an exaggeration: it was a seemingly one-off promotional giveaway by its creators: it doesn’t look to be appearing on their store pages.

Hands moving to the magic pressure points on a condom packet.
Move your fingers just a bit lower. No… up a bit. Yes! Right there! That’s the spot!

One fundamental flaw with the concept that nobody seems to have pointed out (unless perhaps in Spanish), is that – even assuming the clever packaging works perfectly – all that you can actually consent to with such a device is the use of a condom. Given that rape can be and often is committed coercively rather than physically – e.g. through fear, blackmail, or obligation rather than by force – consent to use of a condom by one of the parties shouldn’t be conflated with consent to a sexual act: it may just be preferable to the act without one, if that seems to be the alternative.

Indeed, all of these technical “solutions” to rape seem to focus on the wrong part of the process. Making sure that an agreement is established isn’t a hard problem, algorithmically-speaking (digital signatures with split-key cryptography have given us perhaps the strongest possible solution to the problem for forty years now)! The hard problem here is in getting people to think about what rape is and to act appropriately to one another. Y’know: it’s a people problem, not a technology problem! (Unshocker.)

"It's a no", from the advertisement.
“If it’s not a yes, it’s a no.” If you ignore the product, the ad itself is on-message.

But even though they’re perhaps functionally-useless, I’m still glad that people are making these product prototypes. As the news coverage kicked off by the #MeToo movement wanes, it’s valuable to keep that wave of news going: the issues faced by the victims of sexual assault and rape haven’t gone away! Products like these may well be pointless in the real world, but they’re a vehicle to keep talking about consent and its importance. Keeping the issue in the limelight is helpful, because it forces people to continually re-evaluate their position on sex and consent, which makes for a healthy and progressive society.

So I’m looking forward to whatever stupid thing we come up with next. Bring it on, innovators! Just don’t take your invention too seriously: you’re not going to “fix” rape with it, but at least you can keep us talking about it.

Yet Another JavaScript Framework

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

It is impossible to answer all of these questions simply. They can, however, be framed by the ideological project of the web itself. The web was built to be open, both technologically as a decentralized network, and philosophically as a democratizing medium. These questions are tricky because the web belongs to no one, yet was built for everyone. Maintaining that spirit takes a lot of work, and requires sometimes slow, but always deliberate decisions about the trajectory of web technologies. We should be careful to consider the mountains of legacy code and libraries that will likely remain on the web for its entire existence. Not just because they are often built with the best of intentions, but because many have been woven into the fabric of the web. If we pull on any one thread too hard, we risk unraveling the whole thing.

A great story about how Firefox nearly broke tens of thousands of websites by following standards, and then didn’t. tl;dr: JavaScript has a messy history.

Google AMP lowered our page speed, and there’s no choice but to use it – unlike kinds

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

We here at unlike kinds decided that we had to implement Google AMP. We have to be in the Top Stories section because otherwise we’re punted down the page and away from potential readers. We didn’t really want to; our site is already fast because we made it fast, largely with a combination of clever caching and minimal code. But hey, maybe AMP would speed things up. Maybe Google’s new future is bright.

It isn’t. According to Google’s own Page Speed Insights audit (which Google recommends to check your performance), the AMP version of articles got an average performance score of 87. The non-AMP versions? 95. (Note: I updated these numbers recently with an average after running the test 6 times per version.)

I’ve complained about AMP before plenty – starting here, for example – but it’s even harder to try to see the alleged “good sides” of the technology when it doesn’t even deliver the one thing it was supposed to. The Internet should be boycotting this shit, not drinking the Kool-Aid.

“You Me Her” Season 4 premieres, and other polyamory on TV

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The “polyromantic comedy” series You Me Her opens its fourth season tonight (Tuesday April 9) at 10 on AT&T’s Audience Network. There is no other show like it on television.

Season 1 was about a troubled couple who, independently, fell for the same third person by way of comic flukes: a novelty gimmick. But creator/producer John Scott Shepherd soon realized that the show was onto something bigger. Season 2 began straight off with the three together in a serious, all-around polyamorous relationship, and things have grown from there.

Life, of course, hasn’t been easy for them. Tonight’s opening of Season 4 is titled “Triangular Peg, Meet Round World.” Season 5 is already scheduled for 2020.

Joy! I loved the first three seasons of You Me Her, admittedly while – during the first couple of seasons at least – simultaneously bemoaning how long it took the characters to learn lessons that my polycule(s) solved in far shorter order. I was originally watching it with Ruth and JTA but they lagged and I ran ahead, and I really enjoyed this first episode of season 4 too.