Blog

More than you expected?

You're reading everything on Dan's blog - including notes, reposts, and checkins.
That might be more than you wanted to see, if you're only interested in blog posts (articles) Dan has written.

RFC-20

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The choice of this encoding has made ASCII-compatible standards the language that computers use to communicate to this day.

Even casual internet users have probably encountered a URL with “%20” in it where there logically ought to be a space character. If we look at this RFC we see this:

   Column/Row  Symbol      Name

   2/0         SP          Space (Normally Non-Printing)

Hey would you look at that! Column 2, row 0 (2,0; 20!) is what stands for “space”. When you see that “%20”, it’s because of this RFC, which exists because of some bureaucratic decisions made in the 1950s and 1960s.

Darius Kazemi is reading a single RFC every day throughout 2019 and writing up his understanding as to the content and importance of each. It’s good reading if you’re “into” RFCs and it’s probably pretty interesting if you’re just a casual Internet historian.

Evaluating the GCHQ Exceptional Access Proposal

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

In a blog post, cryptographer Matthew Green summarized the technical problems with this GCHQ proposal. Basically, making this backdoor work requires not only changing the cloud computers that oversee communications, but it also means changing the client program on everyone’s phone and computer. And that change makes all of those systems less secure. Levy and Robinson make a big deal of the fact that their backdoor would only be targeted against specific individuals and their communications, but it’s still a general backdoor that could be used against anybody.

The basic problem is that a backdoor is a technical capability — a vulnerability — that is available to anyone who knows about it and has access to it. Surrounding that vulnerability is a procedural system that tries to limit access to that capability. Computers, especially internet-connected computers, are inherently hackable, limiting the effectiveness of any procedures. The best defense is to not have the vulnerability at all.

Lest we ever forget why security backdoors, however weasely well-worded, are a terrible idea, we’ve got Schneier calling them out. Spooks in democratic nations the world over keep coming up with “innovative” suggestions like this one from GCHQ but they keep solving the same problem, the technical problem of key distribution or key weakening or whatever it is that they want to achieve this week, without solving the actual underlying problem which is that any weakness introduced to a secure system, even a weakness that was created outwardly for the benefit of the “good guys”, can and eventually will be used by the “bad guys” too.

Furthermore: any known weakness introduced into a system for the purpose of helping the “good guys” will result in the distrust of that system by the people they’re trying to catch. It’s pretty trivial for criminals, foreign agents and terrorists to switch from networks that their enemies have rooted to networks that they (presumably) haven’t, which tends to mean a drift towards open-source security systems. Ultimately, any backdoor that gets used in a country with transparent judicial processes becomes effectively public knowledge, and ceases to be useful for the “good guys” any more. Only the non-criminals suffer, in the long run.

Sigh.

CSS-driven console graphics

If you’re reading this post via my blog and using a desktop computer, try opening your browser’s debug console (don’t worry; I’ll wait). If you don’t know how, here’s instructions for Firefox and instructions for Chrome. Other browsers may vary. You ought to see something like this in your debugger:

Debug console on DanQ.me showing Dan's head and a speech bubble.
I’m in your console, eating your commands!

What sorcery is this?

The debug console is designed to be used by web developers so that they can write Javascript code right in their browser as well as to investigate any problems with the code run by a web page. The web page itself can also output to the console, which is usually used for what I call “hello-based debugging”: printing out messages throughout a process so that the flow and progress can be monitored by the developer without having to do “proper” debugging. And it gets used by some web pages to deliver secret messages to any of the site users who open their debugger.

Facebook console messaging advising against the use of the console.
Facebook writes to the console a “stop” message, advising against using the console unless you know what you’re doing in an attempt to stop people making themselves victims of console-based social engineering attacks.

Principally, though, the console is designed for textual content and nothing else. That said, both Firefox and Chrome’s consoles permit the use of CSS to style blocks of debug output by using the %c escape sequence. For example, I could style some of a message with italic text:

>> console.log('I have some %citalic %ctext', 'font-style: italic;', '');
   I have some italic text

Using CSS directives like background, then, it’s easy to see how one could embed an image into the console, and that’s been done before. Instead, though, I wanted to use the lessons I’d learned developing PicInHTML 8¾ years ago to use text and CSS (only) to render a colour picture to the console. First, I created my template image – a hackergotchi of me and an accompanying speech bubble, shrunk to a tiny size and posterised to reduce the number of colours used and saved as a PNG.

Hackergotchi of Dan with a speech bubble, "squashed".
The image appears “squashed” to compensate for console monospace letters not being “square”.

Next, I wrote a quick Ruby program, consolepic.rb, to do the hard work. It analyses each pixel of the image and for each distinct colour assigns to a variable the CSS code used to set the background colour to that colour. It looks for “strings” of like pixels and combines them into one, and then outputs the Javascript necessary to write out all of the above. Finally, I made a few hand-tweaks to insert the text into the speech bubble.

The resulting output weighs in at 31.6kB – about a quarter of the size of the custom Javascript on the frontend of my site and so quite a bit larger than I’d have liked and significantly less-efficient than the image itself, even base64-encoded for embedding directly into the code, but that really wasn’t the point of the exercise, was it? (I’m pretty sure there’s significant room for improvement from a performance perspective…)

Scatmania.org in 2012
I’ll be first to admit it’s not as cool as the “pop-up Dan” in the corner of my 2012 design. You might enjoy my blog post about my 20 years of blogging or the one about how “pop-up Dan” worked.

What it achieved was an interesting experiment into what can be achieved with Javascript, CSS, the browser console, and a little imagination. An experiment that can live here on my site, for anybody who looks in the direction of their debugger, for the foreseeable future (or until I get bored of it). Anybody with any more-exotic/silly ideas about what this technique could be used for is welcome to let me know!

Security Checklist

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Be safe on the internet.

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.

I’m pretty impressed with this resource. It’s a little US-centric and I would have put the suggestions into a different order, but many of the ideas on it are very good and are presented in a way that makes them accessible to a wide audience.

Dan Q posted a note for GC5J655 GO Active Cutteslowe and Sunnymead Park

This checkin to GC5J655 GO Active Cutteslowe and Sunnymead Park reflects a geocaching.com log entry. See more of Dan's cache logs.

  1. CO hasn’t logged in in almost 3 years.
  2. Long string of DNFs.
  3. No finds in 8 months.
  4. During that time I’ve repeatedly tried to contact CO both through this site and through Go Active Oxfordshire (to report this as probably-missing and to volunteer to help with its future maintenance if they want to bring it back to life), but never received a response.

I strongly suspect that this cache is abandoned by the organisation that set it up. I’m reaching out to them today, one last time, but if they don’t respond then I suggest that this be considered for archiving by an administrator.

Map of 51.789567,-1.258683

Dan Q posted a note for GC54KVD Oxford Medical History #2: Grey matter

This checkin to GC54KVD Oxford Medical History #2: Grey matter reflects a geocaching.com log entry. See more of Dan's cache logs.

Came past here the other day while some work was being done on the island. The entire area around the GZ has been torn-up and it seems likely that the cache has been muggled and that the area might no-longer be suitable for a cache. :-(

Map of 51.756067,-1.247417

The most unexpected answer to a counting puzzle

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Summary: if an idealised weight slides into another, bouncing it off a wall then back into itself, how many times will the two collide? If the two weights are the same then the answer is 3: the first collision imparts all of the force of the first into the second, the second collision is the second bouncing off the wall, and the third imparts the force from the second back into the first. If the second weight weighs ten times as much as the first, the answer turns out to be 31. One hundred times as much, and there are 314 bounces. One thousand times, and there are 3,141. Ten thousand times, and there are 31,415… spot the pattern? The number of bounces are the digits of pi.

Why? This is mindblowing. And this video doesn’t answer the question (completely): it only poses it. But I’ll be looking forward to the next episode’s explanation…

Geohashing expedition 2019-01-08 51 -1

This checkin to geohash 2019-01-08 51 -1 reflects a geohashing expedition. See more of Dan's hash logs.

Location

A34 near Peartree Interchange, Oxford.

Participants

  • Dan Q (whose birthday it is!)

Plans

It’s my birthday on YYYY-01-08 (Birthday geohash achievement, here I come!), and even though I have to go into work (boo!), I note that my graticule’s geohashpoint falls only about a kilometre and a half of a diversion from my usual cycle route to work. The A4260 and A34 are basically a deathtrap for cyclists, so depending on conditions and traffic I’ll probably divert via the Oxford Canal towpath from Kidlington to Peartree, park up near Peartree Services, and then finish on foot. And then go to work, I guess.

Expedition

Success! A relatively easy (but sometimes scary: the traffic’s a bit nuts on some of the major roads that provided the shortest route) journey to the hashpoint area, followed by a slightly-scary crossing of the road to the hashpoint, which turned out to be right by the crash barriers at the central reservation. The crash barriers provided a great place to tie a “The Internet Was Here” sign.

On my way away from the hashpoint, at 09:19, I hid a geocache: (“2019-01-08 51 -1, 09:19”, OK049E, GC827X6). The geocache is of the “puzzle” variety – the person looking for it is likely to discover geohashing (if they haven’t already) as part of their research into the secret location of the cache.

Achievements

Birthday Achievement
Dan Q earned the Birthday Geohash Achievement

by reaching the (51, -1) geohash on his 38th birthday, 2019-01-08.
Map of 51.7964538,-1.2843027

There’s lots of ugliness in the world right now, so I think it’s important to share these photos…

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

There’s lots of ugliness in the world right now, so I think it’s important to share these photos of what happened when my friend Marvin called me & said: “I’m getting married & we can only invite 100 people. You didn’t make the cut. But you can come if you come as a drunk clown.”
(1) There’s not a lot of story to tell, but for anyone who wants some DRUNK CLOWN AT THE WEDDING backstory:

Marvin had a vision of a drunk clown crashing his wedding. It’s all he ever wanted. Laura was on board. That’s the kind of perfect-for-each-other weirdos they are.

(2) I arrived in a regular suit. I had the clown outfit, face paint, shavingg stuff (I had a full beard & needed to shave for the make-up) and two 40oz’s (Marvin asked for a drunk clown, so I was giving him a D*R*U*N*K clown) in a bag I hid in a bathroom next to the ceremony.
(3) I only knew a handful of people at the wedding. Didn’t know Marvin or Laura’s families. More importantly, they didn’t know me. Which made me the perfect surprise drunk clown.
(4) I didn’t want them to recognize me when I showed up as a clown — the idea was to make it feel like an actual drunk clown had crashed the festivities — so I didn’t mingle much.
(5) As soon as the ceremony was over, people were directed to another area for a wine reception. I slipped away to the bathroom with @AimieRocks, who was helping with my make-up. I shaved off the beard, did my face, got into the clown suit, and pounded one of the 40oz’s.
Total lightweight here. I was hammered pretty quickly. I’m a method actor, so I drank half the other 40oz too. Then I stumbled over to the wine reception.
(7) I barged in, marched over to Laura’s mom, grabbed her wine, downed it, then handed the empty glass back to her. CONFUSION. MILD CHAOS.

WHO IS THIS DRUNK CLOWN?

(8) I accidentally shattered a few wine glasses, but I gotta say I brought a real JOVIAL DRUNK CLOWN vibe to the whole affair, so people embraced me pretty quickly, even though I kept drinking their wine.
(9) Except for Laura’s dad, who called for security to escort me out. She had to tell him that I was AN OFFICIAL MEMBER OF THE WEDDING PARTY.

Best Man ☑️
Maid of Honor ☑️
Drunk Clown ☑️

(10) At some point, we must have gone into the vineyard to take those photos in the original tweet up above, but honestly I was so drunk that I don’t remember taking them.

Anyway, I told you there wasn’t much backstory. It was an awesome wedding. <end>

ADDENDUM: just found this photo & it made me laugh. This is after security was called off, after everyone found out I wasn’t a DRUNK CLOWN STRANGER but a DRUNK CLOWN FRIEND. And everyone’s just…so…completely…CHILL. Just like, “whatevs,” as I drink more.
(12) OMG okay so I guess I have to make a SECOND ADDENDUM because @AimieRocks just emailed me some more photos from the wedding. Adding them to this thread…
(13) What I wore to the wedding ceremony. (That’s not my hat, that’s @AimieRocks‘s hat, I’m *not* a hat person but wearing it made me feel like Diane Keaton.) Posting these photos so you can see the beard I had before my clown transformation. I shaved that thing off SO QUICKLY.
(14) DRUNK WEDDING CLOWN, A PORTRAIT. I hate beer so much, but I had to get in character and I feel like drunk wedding clowns drink beer??? I’ve barely had any of the beer and already a little drunk in this photo. We didn’t leave the bathroom until after I finished that bottle.
(15) Last three photos. I love how Laura’s pretending not to know me in that first one. The kissing photo is with another good college friend, Michal. I have no idea who I’m talking to in that third photo. <end addendum> xx
Marvin just joined twitter to tell me that’s his mom I’m hugging in the third photo in this tweet. I’M SORRY, MARVIN. But welcome to twitter. xo

(17) ADDENDUM #3: @MarvinSolomon8 just texted me the name of their wedding photographer. Shoutout to SAMUEL POTTER PHOTOGRAPHY in Paso Robles. Here’s his website:

He took the three vineyard photos & obviously has a great eye. THANK YOU SAMUEL POTTER.

I was at a party this afternoon and an old friend introduced me to his wife, then told her: “honey, this is the drunk clown I told you about.”
Someone messaged me asking if they could interview me about the drunk clown stuff for a TV show & we’re about to skype. I texted my mom and asked “how do I look?” This is her reply. WHAT DOES THIS EVEN MEAN??? IS THAT A GOOD THING OR A BAD THING??? WHAT ARE YOU TELLING ME, MOM???
My grandma’s been in the hospital with bad shingles & infection. It’s been a scary, stressful week, & she’s been in bad pain. But she’s getting A LOT better. And thankfully she just got moved to rehab facility.

My mom just texted me this photo she took of grandma’s new room.

A friend just texted that he’s showing these drunk wedding clown photos to his family tomorrow and I hope it brings them all closer together.

Dan Q note OK045C The Fairy Elevator

This checkin to OK045C The Fairy Elevator reflects an opencache.uk log entry. See more of Dan's cache logs.

Dropped by to perform routine maintenance to discover that this cache has been partially muggled: the lifting mechanism has been cut and the pencils have been removed. However the cache itself is otherwise functional. As a stop-gap the cache is temporarily hidden BEHIND the tree (rather the hoisted up it); I’ll look into a proper fix as soon as I’m able.

Map of 51.822866666667,-1.3013666666667

Dan Q performed maintenance for GC7R0HB The Fairy Elevator

This checkin to GC7R0HB The Fairy Elevator reflects a geocaching.com log entry. See more of Dan's cache logs.

Dropped by to perform routine maintenance to discover that this cache has been partially muggled: the lifting mechanism has been cut and the pencils have been removed. However the cache itself is otherwise functional. As a stop-gap the cache is temporarily hidden BEHIND the tree (rather the hoisted up it); I’ll look into a proper fix as soon as I’m able.

Map of 51.822867,-1.301367

Iraq’s Post-ISIS Campaign of Revenge

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The next suspect insisted that he had been arrested by mistake—that his name was similar to that of someone in ISIS. A private defense lawyer explained that his client had confessed to ISIS affiliation under torture—he had a medical examination to prove it—but none of the judges appeared to be listening. As the lawyer spoke, they cracked jokes, signed documents, and beckoned their assistants to collect folders from the bench. Sahar yawned. The trial lasted eight minutes.

“Enough evidence—I ask for a guilty verdict,” the prosecutor said. It was the only phrase she uttered in court that morning.

Iraq’s well out of the news cycle and even ISIS isn’t getting the coverage it once did. But for many in post-ISIS Iraq, the battle is far from over. A country bloodthirsty for revenge against the terrorists who held Mosul, a judiciary more-interested in fast results rather than right results, and a legal system that promotes and accepts confession under torture creates the perfect breeding ground for tomorrow’s disaster.