G7 Comes Out in Favor of Encryption Backdoors

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

From a G7 meeting of interior ministers in Paris this month, an “outcome document”:

Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the rule of law and due process protection. Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption;

There is a weird belief amongst policy makers that hacking an encryption system’s key management system is fundamentally different than hacking the system’s encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.

The G7’s proposal to encourage encryption backdoors demonstrates two unsurprising things about the politicians in attendance, including that:

  • They’re unwilling to attempt to force Internet companies to add backdoors (e.g. via legislation, fines, etc.), making their resolution functionally toothless, and
  • More-importantly: they continue to fail to understand what encryption is and how it works.

Somehow, then, this outcome document simultaneously manages to both go too-far (for a safe and secure cryptographic landscape for everyday users) and not-far-enough (for law enforcement agencies that are in favour of backdoors, despite their huge flaws, to actually gain any benefit). Worst of both worlds, then.

Needless to say, I favour not attempting to weaken encryption, because such measures (a) don’t work against foreign powers, terrorist groups, and hardened criminals and (b) do weaken the personal security of law-abiding citizens and companies (who can then become victims of the former group). “Backdoors”, however phrased, are a terrible idea.

I loved Schneier’s latest book, by the way. You should read it.

Avengers Endgame: The Marvel Cinematic Universe explained

The Marvel Cinematic Universe in Chronological Order (almost)

Who’s for a rewatch of the entire Marvel Cinematic Universe, in the “correct” order, before Endgame? No?

The thinking behind this infographic (and in particular the shuffling of Ant-Man and the Wasp behind Infinity War) is like an even bigger, possibly-nerdier variant of the kind of thinking that led to Star Wars – Machete Order.

Robin Varley is fundraising for Campaign Against Living Miserably

Remember ‘Conquer The Twatts’?

No!?

Fair enough – well last year Magnus, our good friend Sergio and I hitch-hiked from Brick Lane (London) to Twatt (Orkney, Scotland) 766 miles away. We did it in 32 hours thanks to the generous nature of the people that helped out – including drivers, a pilot and a ferry service (thanks again, you amazing humans!!).

We raised 4 x our intended amount and arrived back in London with time to spare and, frankly, a hankering to do it all over again.

So like Shackleton, Fiennes and Thomas Stevens before us, on the 19th April 2019 Magnus and I – dressed in lime green morph suits – will depart Lyme Regis, Dorset on Lime Bikes (Google them, they’re awesome) for Limekilns, Scotland – 500 miles away (sadly Sergio won’t be joining us for this one).

As with last year, we’re raising for the Campaign Against Living Miserably.

Unlike last year we’re working in association with Lime Bike, who have given us their full support for this trip – so a massive thank you to Conor and the UK team for endorsing us two idiots!

Ruth‘s brother, whom you may recall me writing about during Challenge Robin I and Challenge Robin II (and the impact the weather had on it, and on me), our New Year’s ascent of Ben Nevis, or my ill-fated bet that he couldn’t jump a river, is on his latest adventure. Following in the footsteps of his effort to conquer the Twatts (which I shared previously), and reminiscent of his cycle to Brighton on a Boris Bike, he’s once again raising money for the Campaign Against Living Miserably with an outrageous adventure well-worthy of your support.

This time around, he and his friend Magnus are riding Lime e-bikes from Lyme Regis, which is almost as far South as you can get in mainland UK, to Limekilns, which is on the “other” side of the Firth of Forth (where the wildlings live). Like Challenge Robin II, there was a fuck-up with the trains and I had to drive him from Oxford to Lyme Regis, but at least I got to find a couple of geocaches while I was down there (one, two).

Anyway: you can follow his adventure via Instagram, but what you really ought to do is go donate money to the cause; or, if he’s heading broadly your way, offer him a bed for the night so he doesn’t have to kip in a tent while his batteries charge in the nearest friendly pub.

Yet Another JavaScript Framework

It is impossible to answer all of these questions simply. They can, however, be framed by the ideological project of the web itself. The web was built to be open, both technologically as a decentralized network, and philosophically as a democratizing medium. These questions are tricky because the web belongs to no one, yet was built for everyone. Maintaining that spirit takes a lot of work, and requires sometimes slow, but always deliberate decisions about the trajectory of web technologies. We should be careful to consider the mountains of legacy code and libraries that will likely remain on the web for its entire existence. Not just because they are often built with the best of intentions, but because many have been woven into the fabric of the web. If we pull on any one thread too hard, we risk unraveling the whole thing.

A great story about how Firefox nearly broke tens of thousands of websites by following standards, and then didn’t. tl;dr: Javascript has a messy history.

Google AMP lowered our page speed, and there’s no choice but to use it – unlike kinds

We here at unlike kinds decided that we had to implement Google AMP. We have to be in the Top Stories section because otherwise we’re punted down the page and away from potential readers. We didn’t really want to; our site is already fast because we made it fast, largely with a combination of clever caching and minimal code. But hey, maybe AMP would speed things up. Maybe Google’s new future is bright.

It isn’t. According to Google’s own Page Speed Insights audit (which Google recommends to check your performance), the AMP version of articles got an average performance score of 87. The non-AMP versions? 95. (Note: I updated these numbers recently with an average after running the test 6 times per version.)

I’ve complained about AMP before plenty – starting here, for example – but it’s even harder to try to see the alleged “good sides” of the technology when it doesn’t even deliver the one thing it was supposed to. The Internet should be boycotting this shit, not drinking the Kool-Aid.

“You Me Her” Season 4 premieres, and other polyamory on TV

The “polyromantic comedy” series You Me Her opens its fourth season tonight (Tuesday April 9) at 10 on AT&T’s Audience Network. There is no other show like it on television.

Season 1 was about a troubled couple who, independently, fell for the same third person by way of comic flukes: a novelty gimmick. But creator/producer John Scott Shepherd soon realized that the show was onto something bigger. Season 2 began straight off with the three together in a serious, all-around polyamorous relationship, and things have grown from there.

Life, of course, hasn’t been easy for them. Tonight’s opening of Season 4 is titled “Triangular Peg, Meet Round World.” Season 5 is already scheduled for 2020.

Joy! I loved the first three seasons of You Me Her, admittedly while – during the first couple of seasons at least – simultaneously bemoaning how long it took the characters to learn lessons that my polycule(s) solved in far shorter order. I was originally watching it with Ruth and JTA but they lagged and I ran ahead, and I really enjoyed this first episode of season 4 too.

Enable Private DNS with 1.1.1.1 on Android 9 Pie

Recently, Google officially launched Android 9 Pie, which includes a slew of new features around digital well-being, security, and privacy. If you’ve poked around the network settings on your phone while on the beta or after updating, you may have noticed a new Private DNS Mode now supported by Android.

This new feature simplifies the process of configuring a custom secure DNS resolver on Android, meaning parties between your device and the websites you visit won’t be able to snoop on your DNS queries because they’ll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and any others in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS, and DNS over TLS.

Bad: Android Pie makes it harder (than previous versions) to set a custom DNS server on a cellular data connection.

Good: Android Pie supports DNS-over-TLS, so that’s nice.
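What DNS over TLS puts on the wire, as an added example (not code from the quoted article, Android or any resolver operator): a DNS query is encoded as usual, prefixed with a two-byte length as in DNS over TCP, and sent through a certificate-verified TLS session on port 853. The `resolver_host` parameter, the `example.com` query and the `192.0.2.1` answer are constructed for illustration.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # port assigned to DNS over TLS (RFC 7858)

def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query (qtype 1 = A record, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(message):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message

def unframe(stream):
    """Strip the length prefix, rejecting a short read."""
    length = int.from_bytes(stream[:2], "big")
    if len(stream) < 2 or len(stream) - 2 < length:
        raise ValueError("truncated DNS message")
    return stream[2:2 + length]

def _skip_name(msg, pos):
    """Advance past an encoded name, which may end in a compression pointer."""
    while True:
        n = msg[pos]
        if n & 0xC0 == 0xC0:
            return pos + 2
        if n == 0:
            return pos + 1
        pos += 1 + n

def parse_a_records(msg):
    """Return the IPv4 addresses found in a response's answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve_over_tls(name, resolver_host):
    """Query over TLS; resolver_host is the name the certificate must match."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((resolver_host, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(frame(build_query(name)))
            reader = tls.makefile("rb")
            prefix = reader.read(2)
            body = reader.read(int.from_bytes(prefix, "big"))
            return parse_a_records(unframe(prefix + body))

def constructed_response():
    """Constructed reply for example.com, used to exercise the parser offline."""
    question = build_query("example.com", txid=0x1234)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + answer + socket.inet_aton("192.0.2.1")
```

Only `resolve_over_tls` touches the network; everything an on-path observer would see from it is the TLS session to the resolver, not the framed query inside.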

Word Ladder Solver

It’s likely that the first word ladder puzzles were created by none other than Lewis Carroll (Charles Lutwidge Dodgson), the talented British mathematician, and author of the Alice’s adventures. According to Carroll, he invented them on Christmas Day in 1877.

A word ladder puzzle consists of two end-cap words, and the goal is to derive a series of chain words that change one word to the other. At each stage, adjacent words on the ladder differ by the substitution of just one letter. Each chain word (or rung of the word ladder), also needs to be a valid word. Below is an example of turning TABLE into CROWN (this time, in nine steps):

TABLE → CABLE → CARLE → CARLS → CARPS → CORPS → COOPS → CROPS → CROWS → CROWN

In another example, it takes four steps to turn WARM into COLD.

WARM → WARD → CARD → CORD → COLD

(As each letter of the two words in the last example is different, this is the minimum possible number of moves; each move changes one of the letters).

Word ladders are also sometimes referred to as doublets, word-links, paragrams, laddergrams or word golf.

Nice one! Nick Berry does something I’ve often considered doing but never found the time by “solving” word ladders and finding longer chains than might have ever been identified before.
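A breadth-first search over one-letter substitutions finds a shortest ladder between two words; this is an added example, not the solver from the linked article. `WORDS` is a small constructed word list standing in for a real dictionary.

```python
from collections import deque
from string import ascii_uppercase

# Constructed mini-dictionary, just large enough to offer several routes.
WORDS = {
    "WARM", "WARD", "WARN", "WARE", "WORM", "WORD", "WIRE",
    "CARD", "CARE", "CORD", "CORE", "CORN", "COLD", "BOLD", "BARN", "JAZZ",
}

def solve_ladder(start, goal, words):
    """Return a shortest ladder from start to goal as a list, or None."""
    start, goal = start.upper(), goal.upper()
    if len(start) != len(goal):
        return None
    parent = {start: None}          # also serves as the visited set
    queue = deque([start])
    while queue:
        word = queue.popleft()
        if word == goal:
            path = []
            while word is not None:  # walk parents back to the start
                path.append(word)
                word = parent[word]
            return path[::-1]
        # Try every single-letter substitution and keep the valid words.
        for i in range(len(word)):
            for letter in ascii_uppercase:
                candidate = word[:i] + letter + word[i + 1:]
                if candidate in words and candidate not in parent:
                    parent[candidate] = word
                    queue.append(candidate)
    return None

def steps(path):
    """Number of moves in a ladder (one fewer than the number of rungs)."""
    return len(path) - 1
```

Because breadth-first search explores ladders in order of length, the first time it reaches the goal it has found a minimum-length chain.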

The British-Irish Dialect Quiz

What is your name for the playground game in which one child chases the rest and anyone who is touched becomes the pursuer?

Pretty accurate for me, although my answers to some of the questions – representing the diversity of places around Great Britain that I’ve lived and some of the words I’ve picked up along the way – clearly threw it off from time to time!

Codecademy vs. The BBC Micro

If you google “learn to code,” the first result you see is a link to Codecademy’s website. If there is a modern equivalent to the Computer Literacy Project, something with the same reach and similar aims, then it is Codecademy.

“Learn to code” is Codecademy’s tagline. I don’t think I’m the first person to point this out—in fact, I probably read this somewhere and I’m now ripping it off—but there’s something revealing about using the word “code” instead of “program.” It suggests that the important thing you are learning is how to decode the code, how to look at a screen’s worth of Python and not have your eyes glaze over. I can understand why to the average person this seems like the main hurdle to becoming a professional programmer. Professional programmers spend all day looking at computer monitors covered in gobbledygook, so, if I want to become a professional programmer, I better make sure I can decipher the gobbledygook. But dealing with syntax is not the most challenging part of being a programmer, and it quickly becomes almost irrelevant in the face of much bigger obstacles. Also, armed only with knowledge of a programming language’s syntax, you may be able to read code but you won’t be able to write code to solve a novel problem.

So very much this! I’ve sung a song many times about teaching people (and especially children) to code and bemoaned the barriers in the way of the next (and current!) generation of programmers, but a large part of it – in this country at least – seems to come down to this difference in attitude. Today, we’ve stopped encouraging people to try to learn to “use computers” (which was, for the microcomputer era, always semi-synonymous with programming owing to the terminal interface) and to “program”, but we’ve instead started talking about “learning to code”. And that’s problematic, because programming != coding!

I’m a big fan of understanding the fundamentals, and sometimes that means playing with things that aren’t computers: looms, recipe cards, board games, pencils and paper, algebra, envelopes… all of these things can be excellent tools for teaching programming but have nothing to do with learning coding.

Let’s stop teaching people to code and start teaching them to program, again, okay?

Mark Zuckerberg asks governments to help control internet content

Mark Zuckerberg says regulators and governments should play a more active role in controlling internet content.

In an op-ed published in the Washington Post, Facebook’s chief says the responsibility for monitoring harmful content is too great for firms alone.

He calls for new laws in four areas: “Harmful content, election integrity, privacy and data portability.”

It comes two weeks after a gunman used the site to livestream his attack on a mosque in Christchurch, New Zealand.

“Lawmakers often tell me we have too much power over speech, and frankly I agree,” Mr Zuckerberg writes, adding that Facebook was “creating an independent body so people can appeal our decisions” about what is posted and what is taken down.

An interesting move which puts Zuckerberg in a parallel position to Bruce Schneier, who’s recently (and especially in his latest book) stood in opposition to a significant number of computer security experts (many of whom are of the “crypto-anarchist” school of thought) and also pushed for greater regulation on the Internet. My concern with both figureheads’ proposals comes from the inevitable difficulty in enforcing Internet-wide laws: given that many countries simply won’t enact, or won’t effectively enforce, legislation of the types that either Zuckerberg or Schneier suggest, either (a) companies intending to engage in unethical behaviour will move to – and profit in – those countries, as we already see with identity thieves in Nigeria, hackers in Russia, and patent infringers in China… or else (b) countries that do agree on a common framework will be forced to curtail Internet communications with those countries, leading to a fragmented and ultimately less-free Internet.

Neither option is good, but I still back these proposals in principle. After all: we don’t enact other internationally-relevant laws (like the GDPR, for example) because we expect to achieve 100% compliance across the globe – we do so because they’re the right thing to do to protect individuals and economies from harm. Little by little, Internet legislation in general (possibly ignoring things like the frankly silly EU cookie regulation and parts of the controversial new EU directives on copyright) makes the Internet a safer place for citizens of Western countries. There are still a huge number of foreign threats like scammers and malware authors as well as domestic lawbreakers, but increasing the accountability of large companies is, at this point, a far bigger concern.

Bald Eagle Trio Seen Taking Turns Caring For Eggs In Illinois Refuge

Eagle1 webcam showing Starr with Valor I and Valor II

So… two eagles, Valor I (male) and Hope (female) raised some chicks in a nest. Then Valor II (another male) came along and tried to displace Valor I, but he wouldn’t go, so the pair of them both ultimately cooperated in raising Hope’s chicks, even after Hope was driven away by some other eagles. Later, another female, Starr, turned up and Valor I and Valor II are collectively incubating three eggs of hers in the nest.

I’ve known (human) polyamorous networks with origin stories less-complicated than this.

Generating More of My Favorite Aphex Twin Track

“aisatsana” is the final track off Aphex Twin’s 2012 release, Syro. A departure from the synthy dance tunes which make up the majority of Aphex Twin’s catalog, aisatsana is quiet, calm, and perfect for listening to during activities which require concentration. But with a measly running time just shy of five and a half minutes, the track isn’t nearly long enough to sustain a session of reading or coding. Playing the track on repeat isn’t satisfactory; exact repetition becomes monotonous quickly. I wished there were an hour-long version of the track, or even better, some system which could generate an endless performance of the track without repetition. Since I build software for a living, I decided to try creating such a system.

If you’d like to try the experience before you read this whole article (although you should read the article), listen here. I’m sure you’ll agree that it sounds like “more aisatsana” without being aisatsana.

Spoiler: the secret is Markov chains of musical phrases.

Google’s Three Gender Emoji Future

Coming to Android this year: a third gender option for emojis such as Police Officer, Zombie, Person Facepalming, Construction Worker and People With Bunny Ears.

Revealed by Google in a submission to the Unicode Consortium last week, these changes signal a new direction from Google which has in recent years played ball with other vendors in overlooking Unicode guidelines, in favor of cross platform compatibility.

Above: Google will introduce a distinct appearance for emojis which don’t specify any gender in 2019. Image: Google designs / Emojipedia composite.

In giving public notice via Unicode, Google hopes that other vendors will join them in this effort to standardize many of the emoji which don’t specify a gender.

This builds on an initial few gender inclusive revisions made by Google in 2018.

How many people are missing out on JavaScript enhancement?

A few weeks back, we were chatting about the architecture of the Individual Electoral Registration web service. We started discussing the pros and cons of an approach that would provide a significantly different interaction for any people not running JavaScript.

“What proportion of people is that?” an inquisitive mind asked.

Silence.

We didn’t really have any idea how many people are experiencing UK government web services without the enhancement of JavaScript. That’s a bad thing for a team that is evangelical about data driven design, so I thought we should find out.

The answer is:

1.1% of people aren’t getting Javascript enhancements (1 in 93)

This article by the GDS is six years old now, but its fundamental point is still as valid as ever: a small proportion (probably in the region of 1%) of your users won’t experience some or all of the whizzy Javascript stuff on your website, and it’s not because they’re a power user who disables Javascript.

There are so many reasons a user won’t run your Javascript, including:

  • They’re using a browser that doesn’t support Javascript (or doesn’t support the version you’re using)
  • They, or somebody they share their device with, has consciously turned-off Javascript either wholesale or selectively, in order to for example save bandwidth, improve speed, reinforce security, or improve compatibility with their accessibility technologies
  • They’re viewing a locally-saved, backed-up, or archived version of your page (possibly in the far future long after your site is gone)
  • Their virus scanner mis-classified your Javascript as potentially malicious
  • One or more of your Javascript files contains a bug which, on their environment, stops execution
  • One or more of your Javascript files failed to be delivered, for example owing to routing errors, CDN downtime, censorship, cryptographic handshake failures, shaky connections, cross-domain issues, stale caches…
  • On their device, your Javascript takes too long to execute or consumes too many resources and is stopped by the browser

Fundamentally, you can’t depend on Javascript and so you shouldn’t depend on it being there, 100% of the time, when it’s possible not to. Luckily, the Web already gives us all the tools we need to develop the vast, vast majority of web content in a way that doesn’t depend on Javascript. Back in the 1990s we just called it “web development”, but nowadays Javascript (and other optional/under-continuous-development web technologies like your favourite so-very-2019 CSS hack) is so ubiquitous that we give it the special name “progressive enhancement” and make a whole practice out of it.

The Web was designed for forwards- and backwards-compatibility. When you break that, you betray your users and you make work for yourself.

(by the way: I know I plugged the unpoly framework already, the other day, but you should really give it a look if you’re just learning how to pull off progressive enhancement)