Dan Q
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
After 8 or 10 (depending on how you count them) films and hundreds of hours of TV, finally we have reached the end of the whole Star Wars saga. Hooray,…
Exactly my thoughts on the latest Star Wars films, concisely expressed.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
My mother has long argued that a large category of popular music, second only to those on the subjects of sex and drugs, are about food. This so-called corpus of food songs is, I’m pretty confident, mostly based on mishearing lyrics, but I think she’d have a friend in the fabulous Bec Hill who’s this month made a follow-up to her video When You Listen to the Radio When You’re Hungry. And it’s even better (and to my delight, paella still manages to make a cameo appearance).
Unfortunately Warner Music Group don’t seem to have a sense of humour and you might find that you can’t watch her new video on YouTube. But thankfully that’s not how the Internet works (somebody should tell them!) and if proxying isn’t the best solution for you then you can just watch her new video on the BBC’s Facebook page instead.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
“Why make the web more boring? Because boring is fast, resilient, fault tolerant, and accessible. Boring is the essence of unobtrusive designs that facilitate interactions rather than hinder them.” says Jeremy.
He’s right. I’ve become increasingly concerned in recent years in the trend towards overuse of heavyweight frameworks. These frameworks impose limitations on device/network capabilities, browser features, caching, accessibility, stability, and more. It’s possible to work around many of those limitations, but doing so often takes additional work, and so most developers, especially junior developers raised on a heavyweight framework who haven’t yet been exposed to the benefits of working around them. Plus, such mitigations tend to make already-bloated web applications – full of unnecessary cruft – larger still; the network demands of the application grow ever larger.
What are these frameworks for? They often provide valuable components and polyfills, certainly, but they also have a tendency to reimplement what the browser already gives you: e.g. routing and caching come free with HTTP, buttons and links from HTML, design from CSS, (progressive) interactivity from JS. Every developer should feel free to use a framework if it suits them and the project they’re working on… but adoption of a framework should only come after consideration and understanding of what it provides, and at what cost.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
And on a way, way lighter note to my last repost, Parry Gripp’s latest song and video is the catchiest song about tacos or robots that you’ll ever hear.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
I discovered Philosophy Tube earlier this year but because I’ve mostly been working my way through the back catalogue it took until very recently before I got around to watching the video Men. Abuse. Trauma. And about 95% of everything he says in it so-closely parallels my own experience of an abusive relationship that I was periodically alarmed by his specificity. I’ve written before about the long tail an abusive relationship can have and that this video triggered in me such a strong reaction of recognition (and minor distress) is a testament to that.
I escaped from my abusive relationship seventeen years ago this month. It took me around seven years to acknowledge that the relationship had been abusive and to see the full picture of the damage it had done me. It took at least another four or five before I reached a point that I suspect I’m “recovered”: by which I mean “as recovered as I think is feasible.” And the fact that this video – on the first two viewings, anyway – was still able to give me a moment of panic (albeit one well-short of flashbacks) is a reminder that no, I’m not yet 100% okay.
Regardless – I’ve wanted to plug the channel for a while now, and this was the vehicle I had to hand. Go watch.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
…
This is A.C. Gilbert’s creation, the Polar Cub Electric Vibrator No. B87, and it’s nearly 100 years old. This vibrator is so ancient it was manufactured before any of my grandparents were born, which delights me terribly. The box is in shambles — on the front, a cute flapper holds the vibrator to her throat with a mischievous glint in her eye. A thin, fragile slip of paper serves as the original receipt, dated June 15th, 1925, in the amount of $2.95. I love this vibrator with every fiber of my being. Just thinking about how extremely not alive I was at that time is exciting to me.
And of course, I’m going to have an orgasm with this thing. An orgasm that transcends time. That’s what all of this is about.
…
Fabulous, frequently-funny review of three vibrators from the 1910s through 1960s and are still in some kind of working order.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
…why would cookies ever need to work across domains? Authentication, shopping carts and all that good stuff can happen on the same domain. Third-party cookies, on the other hand, seem custom made for tracking and frankly, not much else.
…
Then there’s third-party JavaScript.
In retrospect, it seems unbelievable that third-party JavaScript is even possible. I mean, putting arbitrary code—that can then inject even more arbitrary code—onto your website? That seems like a security nightmare!
I imagine if JavaScript were being specced today, it would almost certainly be restricted to the same origin by default.
…
Jeremy hits the nail on the head with third-party cookies and Javascript: if the Web were invented today, there’s no way that these potentially privacy and security-undermining features would be on by default, globally. I’m not sure that they’d be universally blocked at the browser level as Jeremy suggests, though: the Web has always been about empowering developers, acting as a playground for experimentation, and third-party stuff does provide benefits: sharing a login across multiple subdomains, for example (which in turn can exist as a security feature, if different authors get permission to add content to those subdomains).
Instead, then, I imagine that a Web re-invented today would treat third-party content a little like we treat CORS or we’re beginning to treat resource types specified by Content-Security-Policy and Feature-Policy headers. That is, website owners would need to “opt-in” to which third-party domains could be trusted to provide content, perhaps subdivided into scripts and cookies. This wouldn’t prohibit trackers, but it would make their use less of an assumed-default (develolpers would have to truly think about the implications of what they were enabling) and more transparent: it’d be very easy for a browser to list (and optionally block, sandbox, or anonymise) third-party trackers could potentially target them, on a given site, without having to first evaluate any scripts and their sources.
I was recently inspired by Dave Rupert to remove Google Analytics from this blog. For a while, there’ll have been no third-party scripts being delivered on this site at all, except through iframes (for video embedding etc., which is different anyway because there’s significantly less scope leak). Recently, I’ve been experimenting with Jetpack because I get it for free through my new employer, but I’m always looking for ways to improve how well my site “stands alone”: you can block all third-party resources and this site should still work just fine (I wonder if I can add a feature to my service worker to allow visitors to control exactly what third party content they’re exposed to?).
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Last week I happened to be at an unveiling/premiere event for the new Renault Clio. That’s a coincidence: I was actually there to see the new Zoe, because we’re hoping to be among the first people to get the right-hand-drive version of the new model when it starts rolling off the production line in 2020.
But I’ll tell you what, if they’d have shown me this video instead of showing me the advertising stuff they did, last week, I’d have been all: sure thing, Clio it is, SHUT UP AND TAKE MY MONEY! I’ve watched this ad four times now and seen more things in it every single time. (I even managed to not-cry at it on the fourth watch-through, too; hurrah!).
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Spoiler alert: no, they shouldn’t.
Yesterday, Marijn Haverbeke tweeted:
If you make accessibility or internationalization in a code library an optional component, you just know half of the people deploying it will ignore it—out of ignorance or as optimization. So taking the side of the end user versus the dev user means just pre-bundling these things
For very similar reasons, I refuse to make accessibility features configurable in my vanilla JS plugins.
…
Very much this. In short:
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Now that’s a hot comic. NSFW, so don’t click through if you’re not in a place where you can do so!
Also, RIP Flapjack. 😢
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Truly in the style and spirit of Challenge Robin / Challenge Robin II, this sweary idiot decides to try to cross Wales in as close as possible to a completely straight line, cutting through dense woods, farms, rivers, hedgerows and back gardens. Cut up by barbed wire, stung by nettles, swimming through freezing rivers, and chased by farmers, it makes for gruelling, hilarious watching. Link is to the four-hour playlist; put it on in the background.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Rendering text, how hard could it be? As it turns out, incredibly hard! To my knowledge, literally no system renders text “perfectly”. It’s all best-effort, although some efforts are more important than others.
…
Just so you have an idea for how a typical text-rendering pipeline works, here’s a quick sketch:
- Styling (parse markup, query system for fonts)
- Layout (break text into lines)
- Shaping (compute the glyphs in a line and their positions)
- Rasterization (rasterize needed glyphs into an atlas/cache)
- Composition (copy glyphs from the atlas to their desired positions)
Unfortunately, these steps aren’t as clean as they might seem.
…
Delightful dive into the variety of issues that face developers who have to implement text rendering. Turns out this is, and might always remain, an unsolved issue.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
JSON inventor Douglas Crockford explains why he gave permission for the reference implementation of JSLint to be used for evil. Funny.
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
…
Can we solve [the problem of supply-chain attacks] by building trustworthy systems out of untrustworthy parts?
It sounds ridiculous on its face, but the Internet itself was a solution to a similar problem: a reliable network built out of unreliable parts. This was the result of decades of research. That research continues today, and it’s how we can have highly resilient distributed systems like Google’s network even though none of the individual components are particularly good. It’s also the philosophy behind much of the cybersecurity industry today: systems watching one another, looking for vulnerabilities and signs of attack.
Security is a lot harder than reliability. We don’t even really know how to build secure systems out of secure parts, let alone out of parts and processes that we can’t trust and that are almost certainly being subverted by governments and criminals around the world. Current security technologies are nowhere near good enough, though, to defend against these increasingly sophisticated attacks. So while this is an important part of the solution, and something we need to focus research on, it’s not going to solve our near-term problems.
…
Schneier provides a great summary of the state of play with nation-state supply-chain attacks, using the Huawei 5G controversy as a jumping-off point but with reference to the fact that China are far from the only country that weaken the security and privacy of the world’s citizens in order to gain an international spying advantage. He goes on to explain what he sees as the two broad schools of thought are in providing technical solutions to this class of problems, and demonstrates that both are for the time being beyond our reach. The excerpt above comes from his examination of the second school of thought, and it’s a pretty-compelling illustration of why this is a different class of problem that the ones we’ve used to build a reliable Internet.
(Many of the comments are very good, too.)
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
…
Perhaps three people will read this essay, including my parents. Despite that, I feel an immense sense of accomplishment. I’ve been sitting on buses for years, but I have more to show for my last month of bus rides than the rest of that time combined.
Smartphones, I’ve decided, are not evil. This entire essay was composed on an iPhone. What’s evil is passive consumption, in all its forms.
…
This amazing essay really hammers home a major part of why I blog at all. Creating things on the Web is good. Creating things at all is good.
A side-effect of social media culture (repost, reshare, subscribe, like) is that it’s found perhaps the minimum-effort activity that humans can do that still fulfils our need to feel like we’ve participated in our society. With one tap we can pass on a meme or a funny photo or an outrageous news story. Or we can give a virtual thumbs-up or a heart on a friend’s holiday snaps, representing the entirety of our social interactions with them. We’re encouraged to create the smallest, lightest content possible: forty words into a Tweet, a picture on Instagram that we took seconds ago and might never look at again, on Facebook… whatever Facebook’s for these days. The “new ‘netiquette” is complicated.
I, for one, think it’d be a better world if it saw a greater diversity of online content. Instead of many millions of followers of each of a million content creators, wouldn’t it be nice to see mere thousands of each of billions? I don’t propose to erode the fame of those who’ve achieved Internet celebrity; but I’d love to migrate towards a culture in which we can all better support one another’s drive to create original content online. And do so ourselves.
The best time to write on your blog is… well, let’s be honest, it was a decade ago. But the second best time is right now. Or if you’d rather draw, or sing, or dance, or make puzzles or games or films… do that. The barrier to being a content creator has never been lower: publishing is basically free and virtually any digital medium is accessible from even the simplest of devices. Go make something, and share it with the world.
(with thanks to Jeremy for the reshare)
