Note #13422

Two small plastic ducks; one blue, one yellow.

Our youngest, aged 2, may have just come up with his first joke.

Yellow duck: Quack quack quack. Quack quack quack quack.

Blue duck: Shut up. I hate quacking.


Note #13168

Kiwi flower

Kiwi flowers look exactly like you’d think they would. #woah

Note #13086

Nice: getting an unexpected parcel.

Unexpected parcel from Hotel Chocolat

Nicer: from Hotel Chocolat.

Please do not open until 20/04/2019

Less nice: not being allowed to open it until Easter.


Note #12968

Blood on a pillow

Woke up this morning bleeding from the neck. Surprise #vampire attack?


Note #12883

Letter addressed to Dan Q, Developer, Bodleian Libraries.

Received a letter to “Dan Q, Developer”. In case there’s multiple Dan Qs @bodleianlibs? Nope: everyone’s had the last word of their job title: Wikimedian in Residence > “Residence”, Press & Media Officer > “Officer”… #mailmerge #fail


Note #12848

Partner’s husband dropped car at garage.
Garage calls me to say it’s ready.

“My partner will pick it up,” I say.
“The other guy said his wife would pick it up?” they reply.

Pause.

“Yeah, that’s right.”

#awkward #polyamory #moment

Note #12736

Virgin Media password form, requiring 8-10 characters

2004 called, @virginmedia. They asked me to remind you that maximum password lengths and prohibiting pasting make your security worse, not better. @PWTooStrong

In more detail:

  • Why would you set an upper limit on security? It can’t be for space/capacity reasons because you’re hashing my password anyway in accordance with best security practice, right? (Right?)
  • Why would you exclude spaces, punctuation, and other “special” characters? If you’re afraid of injection attacks, you’re doing escaping wrong (and again: aren’t you hashing anyway?). Or are you just afraid that one of your users might pick a strong password? Same for the “starts with a letter” limitation.
  • Composition rules like “doesn’t contain the same character twice in a row” reflect woolly thinking on the part of your IT team: you’re saying, for example, that “abababab” is more secure than “abccefgh”. Consider using exclusion lists/blacklists for known-compromised/common passwords, e.g. with HaveIBeenPwned, and/or entropy-based rather than composition-based rules, e.g. with zxcvbn.
  • Disallowing pasting into password fields does nothing to prevent brute-force/automated attacks but frustrates users who use password managers (by forcing them to retype their passwords, you may actually be reducing their security as well as increasing the likelihood of mistakes) and can have an impact on accessibility too.
  • Counterarguments I anticipate: (a) it’s for your security – no it’s not; go read any of the literature from the last decade and a half, (b) it’s necessary for integration with a legacy system – that doesn’t fill me with confidence: if your legacy system is reducing your security, you need to update or replace your legacy system or else you’re setting yourself up to be the next Marriott, Equifax, or Friend Finder Network.
  • It’s definitely not the first time you’ve been told. Get your act together.
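
As an added illustration (not part of the original note, and not Virgin Media's or HaveIBeenPwned's code), here is a minimal acceptance check that follows the advice above: a minimum length only, no composition rules, and an exclusion-list lookup in the k-anonymity style of the Pwned Passwords range API. The `fetch_range` callable, `make_fake_range` and the sample list are assumptions constructed so the example runs offline; a real deployment would fetch `https://api.pwnedpasswords.com/range/<prefix>` instead.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # assumption: a floor only; no maximum, no composition rules


def hibp_split(password: str) -> tuple[str, str]:
    """SHA-1 the password; only the 5-hex-char prefix ever leaves the server."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, fetch_range) -> int:
    """Look the suffix up in the 'SUFFIX:COUNT' lines returned for the prefix."""
    prefix, suffix = hibp_split(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, fetch_range) -> list[str]:
    """Return reasons to reject; an empty list means accept."""
    # Normalise so the same typed password always hashes the same way.
    password = unicodedata.normalize("NFKC", password)
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if breach_count(password, fetch_range) > 0:
        problems.append("known-compromised")
    return problems


def make_fake_range(known_bad):
    """Constructed offline stand-in for the range endpoint (hypothetical)."""
    table = {}
    for pw in known_bad:
        prefix, suffix = hibp_split(pw)
        table.setdefault(prefix, []).append(f"{suffix}:1000")  # made-up count
    return lambda prefix: "\r\n".join(table.get(prefix, []))


# Constructed sample data, not real breach statistics.
FAKE_RANGE = make_fake_range(["abababab", "password", "12345678"])

if __name__ == "__main__":
    for pw in ["abababab", "abccefgh", "Correct horse; battery staple!", "duck"]:
        print(repr(pw), check_password(pw, FAKE_RANGE) or "accepted")
```

With this constructed list, “abababab” is rejected as known-compromised while “abccefgh” and a long passphrase with spaces and punctuation are accepted, the reverse of what the “no repeated characters” rule would decide.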

Note #12733

12-sided die with multiple "0" stickers placed over the sides

“All #boardgames can be legacy games if you want it enough!” – @fleeblewidget, after drunkenly stumbling upon @thegodzillagirl’s label maker.


Note #12728

Dan & Robin at the summit of Ben Nevis

Summit of Ben Nevis with Robin (on almost the shortest day of the year) to finish off his 52 Reflect project.


Note #12726

How did our parents cope with just I-spy and 99 green bottles on -hour journeys? This is definitely the way to hypnotise kids in the car!
