Dan Q

Category: Personal

Dan Q found GCBMAAR #05 Northmoor Loop – Little Bridges # 3324

This checkin to GCBMAAR #05 Northmoor Loop - Little Bridges # 3324 reflects a geocaching.com log entry. See more of Dan's cache logs.

Another excellent container, though it was a bit of a stretch to reach it! A herd of playful cattle ran around far behind us as we searched, watching from a distance. TFTC.

A group of cows gamble around in a field, seen from a distance.

×

Dan Q found GCBMAAD #04 Northmoor Loop – Little Bridges # 3326

This checkin to GCBMAAD #04 Northmoor Loop - Little Bridges # 3326 reflects a geocaching.com log entry. See more of Dan's cache logs.

Briefly overshot this one in our excitement to get out of the field with the sheep (and so allow the geohound off her lead) and rushed to the little bridge. Doubled back to quickly find this great-sized cache. TFTC!

ElenaJS (Progressive Web Components)

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

I still think web components are a great foundation for a design system. No other approach gives you true cross-framework portability built on what the web platform already provides. The problem isn’t necessarily the model itself, it’s how we’ve been building them.

This is how I ended up creating Elena, a library that I’m open sourcing today. Elena starts from HTML and CSS, and stays grounded in web standards and what the web platform natively provides.

love the “HTML Web Components”/”Progressive Web Components”1 development pattern. The idea is, if you’re new to it:

  1. Write the HTML to provide as much functionality as possible
  2. Wrap it in a custom element
  3. Use that custom element to enhance the component with anything only JS can provide

The downside is that there’s often more scaffolding than you’d like: implementing event and property change listeners (and tidying them on disconnection), batching updates to avoid flicker, and all that jazz.

Now obviously you could go with one of the big heavyweight frameworks like React, but then you’re leaning into a whole locked-in architecture that makes it harder to write progressive components and burdens your users with a ton of unnecessary code. Boo!

That’s why I love it when clever people make useful, HTML-friendly, ultra-lightweight frameworks2 like ReefJS, which I’ve talked about using before, and – now – Elena!

Elena’s a modern, simple, MIT-licensed wrapper framework for your web components, and – having perused the documentation on-and-off for the last couple of days – it’s really exciting. Perhaps not because of what it does, but because of what it doesn’t do. It’s unopinionated, well-documented, SSR-friendly3 microframework that seems to bring the absolute best in what the Web offers via web components… and makes it easier for developers without making end-users pay the price for it.

Anyway: all of which is to say: check out Elena! I’m really excited to have a play with it the next time I have a suitable web components project.

Footnotes

1 I’m with Jeremy: “Progressive Web Components” is a better name. Also: it’s it funny how changing just one word of a name can make you re-think what a thing is. The moment I refactored the way I thought about HTML Web Components into calling them Progressive Web Components was the moment I said to myself “hey, I could put an SVG into one of those… use state-managed props to set CSS variables that are available to the image… and in doing so, produce an SVG that elegantly becomes animated where JS is available…”

2 I same “frameworks”: by the time they’re this lightweight, single-purpose, and focussed on adding functionality that perhaps vanilla JS and web components should already have we might as well call them utility libraries or polyfills!

3 SSR perhaps ought not to matter for Progressive Web Components, but I can imagine situations where Elena would still be useful even for web components without a HTML fallback, at which point I suppose SSR could be a performance shortcut for some projects.

Repost posted at UTC on .

No comments

Dan Q found GCBMA9M #03 Northmoor Loop

This checkin to GCBMA9M #03 Northmoor Loop reflects a geocaching.com log entry. See more of Dan's cache logs.

QEF when the GPSr dropped me right on it.

A lamb hides behind a sheep in a grassy field.

The dog complained that I wouldn’t let her go play with the lambs while I retrieved the cache – the playful pup can’t understand why I wouldn’t let her try to make friends with them!

×

Dan Q found GCBMA4C #01 Northmoor Loop

This checkin to GCBMA4C #01 Northmoor Loop reflects a geocaching.com log entry. See more of Dan's cache logs.

In the second hiding place I tied, and the evidence suggests I’m not the first to make my mistake. I dipped into this series on release day from the other “side”; now I’ve returned (with my geopup pal) to do more of the loop! TFTC.

Standing in a field on the outskirts of a rural village, Dan - a white man with a goatee beard , with a dog's lead hung around his shoulders - throws a thumbs-up.

×

NHS England rushes to hide software over AI hacking fears

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

NHS England has issued new guidance to staff, which has been shared with New Scientist, that demands existing and future software be pulled from public view and kept behind closed doors. “All source code repositories must be private by default. Repositories must not be public unless there is an explicit and exceptional need, and public access has been formally approved,” says the new guidance. The deadline for making code private is 11 May.

Last month, an AI created by Anthropic called Mythos was widely reported to be capable of discovering flaws in virtually any software, potentially allowing hackers to break into systems running it.

NHS England’s guidance specifically points to Mythos as the cause for the new measures.

Yet again, “AI” is the reason why we can’t have nice things on an open and transparent Web.

This is bad, of course. But the worst part is the illusion it helps feed that closed-source software is necessarily more-secure than open-source software. Obviously it’s all much more-complex than that. Indeed, the article goes on to quote Terence Eden thoroughly debunking the entire line of thought:

“Is it possible that Mythos will scan a repository and find a bug? Yes, 100 per cent likely. Is that going to be a bug that causes a security issue in a live NHS service somewhere? Almost certainly not,” says Eden. “I think it’s someone in NHS England buying into the hype that Mythos is going to cause the end of security as we know it and getting a bit panicked.”

He’s right. This policy change is unlikely to improve the security of any of the affected pieces of NHS software (for much of which, the code is already out-there and archived, and so removing it from the Internet now is pretty pointless). If it’s going to be attacked, it’ll be attacked, and the resources that the bad guys have for probing a whole database worth of CVEs or fuzz-testing the extremities makes the availability of vulnerability-scanning AI pretty-close to irrelevant.

At least if it were open source then the good guys would have a chance of helping out… as well as we, the taxpayers who made the software possible, being able to see where our money was going!

Altogether a bad move by the NHS, here.

Repost posted at UTC on .

No comments