You might reasonably have assumed I’d have already enjoyed pickled onion crisps. After all, I not only enjoy actual pickled onions but also the far more “acquired taste” of
pickled eggs, shown.
There’s a need for somebody… anybody… to eat Pickled Onion Monster Munch in our household, because we have a bit of an oversupply. In order to reliably get both of the
other flavours that people like (Roast Beef and Flamin’ Hot, respectively), we end up buying multipacks that also contain Pickled Onion flavour, and these unwanted extras pile
up in the snack cupboard until we happen to have a houseguest that we can palm them off onto.
Yes, I’m aware that there are multipacks of individual flavours, but none of our local supermarkets seem to stock multipacks of Flamin’ Hot, which is objectively the best flavour of
Monster Munch and anybody who claims otherwise is wrong.
My entire life, I’ve claimed not to like pickled onion flavour crisps. As a kid, I would only eat salt & vinegar and ready salted flavours, eventually expanding my palate into “meaty”
flavours like chicken and roast beef (although never, absolutely never, prawn cocktail). Later, I’d come to also enjoy cheese & onion and variants thereof, and it’s from this
that I realise that I’m probably being somewhat irrational.
Because if you think about it: if you want to make a “pickled onion” flavour crisp, what flavouring ingredients would you use? It turns out that most crisp manufacturers use a
particular mixture of (a) the ingredient that makes salt & vinegar crisps taste “vinegary” and (b) the ingredient that makes cheese & onion crisps taste “onioney”. So in summary:
I like pickled onions.
I like salt & vinegar crisps, which include an ingredient to make them taste vinegary.
I like cheese & onion crisps, which include an ingredient to make them taste onioney.
Therefore, I ought to like pickled onion crisps, which use two ingredients I like to try to emulate a food I like.
I should like this. Right?
Maybe that deliberate and conscious thought process is all I need? Maybe that’s it, and just having gone through the reasoning, I will now like pickled onion crisps!
Conveniently, I have a cupboard in my kitchen containing approximately one billion packets of Pickled Onion Monster Munch. So let’s try it out.
The first time I’ve tried a pickled onion flavour crisp in almost 30 years, captured on camera for your amusement.
It turns out they’re okay!
They’re not going to dethrone either of the other two flavours of Monster Munch that we routinely restock on, but at least now I’m in a position where I can do something about our
oversupply.
And all it took was stopping to think rationally about it. If only everything were so simple.
Here’s how nex://danq.me/ looks in my favourite desktop Gemini/smolweb browser Lagrange.
Nex is a lightweight Internet protocol reminiscent to me of Spartan (which CapsulePress also supports), but even more lightweight.
Without even affordances like host identification, MIME types, response codes, or the expectation that Gemtext might be supported by the client, it’s perhaps more like Gopher than it is
like Gemini.
It comes from the ever-entertaining smolweb hub of Nightfall City, whose Web interface clearly states at the top of every page the command you
could have run to see that content over the Nex protocol. Lagrange added support for Nex almost a year ago and it’s such a lightweight protocol that I was quickly able
to adapt CapsulePress’s implementation of Spartan to support Nex, too.
This is genuinely the entirety of my implementation of my Nex server, atop CapsulePress. And it’s mostly boilerplate.
Why, you might ask? Well, the reasons are the same as all the other standards supported by CapsulePress:
The smolweb is awesome.
Making WordPress into a CMS things it was never meant to do is sorta my jam.
It was a quick win while I waited for the pharmacist to shoot me up with 5G microchips my ‘flu and Covid boosters.
If you want to add Nex onto your CapsulePress, just git pull the latest version, ensure TCP port 1900 isn’t firewalled, and don’t add USE_NEX=false to
your environment. That’s all!
A lot of attention is paid, often in retrospect, to the experience of the first times in our lives. The first laugh; the first kiss; the first day at your job1.
But for every first, there must inevitably be a last.
I recall a moment when I was… perhaps the age our eldest child is now. As I listened to the bats in our garden, my mother told me about how she couldn’t hear them as clearly as she
could when she was my age. The human ear isn’t well-equipped to hear that frequency that bats use, and while children can often pick out the sounds, the ability tends to fade with age.
“Helloooo? Are you even listening to me?”
This recollection came as I stayed up late the other month to watch the Perseids. I lay in the hammock in our garden under a fabulously clear sky as the sun finished setting, and –
after being still and quiet for a time – realised that the local bat colony were out foraging for insects. They flew around and very close to me, and it occurred to me that I
couldn’t hear them at all.
There must necessarily have been a “last time” that I heard a bat’s echolocation. I remember a time about ten years ago, at the first house in Oxford of
Ruth, JTA and I (along with
Paul), standing in the back garden and listening to those high-pitched chirps. But I can’t tell you when the very
last time was. At the time it will have felt unremarkable rather than noteworthy.
First times can often be identified contemporaneously. For example: I was able to acknowledge my first time on a looping rollercoaster at the time.
The Tower of Terror at Camelot, circa 1994, was my first looping rollercoaster2.
The ride was disassembled in 2000 and, minus its “tower” theming3lived on for a while as Twist ‘N’ Shout at Loudoun Castle in Ayrshire, Scotland before that park
shut down. I looked at some recent satellite photography and I’m confident it’s now been demolished.
Last times are often invisible at the time. You don’t see the significance of the everyday and routine except in hindsight.
I wonder what it would be like if we had the same level of consciousness of last times as we did of firsts. How differently might we treat a final phone call to a loved one or the
ultimate visit to a special place if we knew, at the time, that there would be no more?
Would such a world be more-comforting, providing closure at every turn? Or would it lead to a paralytic anticipatory grief: “I can’t visit my friend; what if I find out that
it’s the last time?”
Footnotes
1 While watching a wooden train toy jiggle down a length of string, reportedly; Sarah
Titlow, behind the school outbuilding, circa 1988; and
five years ago this week, respectively.
2 Can’t see the loop? It’s inside the tower. A clever bit of design conceals the
inversion from outside the ride; also the track later re-enters the fort (on the left of the photo) to “thread the needle” through the centre of the loop. When they were running three
trains (two in motion at once) at the proper cadence, it was quite impressive as you’d loop around while a second train went through the middle, and then go through the middle while a
third train did the loop!
3 I’m told that the “tower” caught fire during disassembly and was destroyed.
From safely outside of its predicted path, just around the Yucatan coast, Hurricane Milton seems like a forboding and distant monster. A growing threat whose path will thankfully take
it away, not towards, me.
My heart goes out to the people on the other side of the Gulf of Mexico who find themselves along the route of this awakened beast.
Harry Segell’s 1938 play Heaven Can Wait went on to inspire such an extraordinarily long legacy of follow-ups.
I’ve only seen the most-recent few and my experience is that the older iterations are better, so I probably ought to watch Here Comes Mr. Jordan, right?
Back when I was a student in Aberystwyth, I used to receive a lot of bilingual emails from the University and its departments1.
I was reminded of this when I received an email this week from CACert, delivered in both English and German.
Simply putting one language after the other isn’t terribly exciting. Although to be fair, the content of this email wasn’t terribly exciting either.
Wouldn’t it be great if there were some kind of standard for multilingual emails? Your email client or device would maintain an “order of preference” of the languages that you
speak, and you’d automatically be shown the content in those languages, starting with the one you’re most-fluent in and working down.
It turns out that this is a (theoretically) solved problem. RFC8255 defines a mechanism for breaking an email into multiple
different languages in a way that a machine can understand and that ought to be backwards-compatible (so people whose email software doesn’t support it yet can still “get by”).
Here’s how it works:
You add a Content-Type: multipart/multilingual header with a defined boundary marker, just like you would for any other email with multiple “parts” (e.g. with a HTML
and a plain text version, or with text content and an attachment).
The first section is just a text/plain (or similar) part, containing e.g. some text to explain that this is a multilingual email, and if you’re seeing this
then your email client probably doesn’t support them, but you should just be able to scroll down (or else look at the attachments) to find content in the language you read.
Subsequent sections have:
Content-Disposition: inline, so that for most people using non-compliant email software they can just scroll down until they find a language they can read,
Content-Type: message/rfc822, so that an entire message can be embedded (which allows other headers, like the Subject:, to be translated too),
a Content-Language: header, specifying the ISO code of the language represented in that section, and
optionally, a Content-Translation-Type: header, specifying either original (this is the original text), human (this was translated by a
human), or automated (this was the result of machine translation) – this could be used to let a user say e.g. that they’d prefer a human translation to an automated
one, given the choice between two second languages.
Let’s see a sample email:
Content-Type: multipart/multilingual;
boundary=10867f6c7dbe49b2cfc5bf880d888ce1c1f898730130e7968995bea413a65664
To: <b24571@danq.me>
From: <rfc8255test-noreply@danq.link>
Subject: Does your email client support RFC8255?
Mime-Version: 1.0
Date: Fri, 27 Sep 2024 10:06:56 +0000
--10867f6c7dbe49b2cfc5bf880d888ce1c1f898730130e7968995bea413a65664
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
This is a multipart message in multiple languages. Each part says the
same thing but in a different language. If your email client supports
RFC8255, you will see this message in your preferred language out of
those available. Otherwise, you will probably see each language after
one another or else each language in a separate attachment.
--10867f6c7dbe49b2cfc5bf880d888ce1c1f898730130e7968995bea413a65664
Content-Disposition: inline
Content-Type: message/rfc822
Content-Language: en
Content-Translation-Type: original
Subject: Does your email client support RFC8255?
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
RFC8255 is a standard for sending email in multiple languages. This
is the original email in English. It is embedded alongside the same
content in a number of other languages.
--10867f6c7dbe49b2cfc5bf880d888ce1c1f898730130e7968995bea413a65664
Content-Disposition: inline
Content-Type: message/rfc822
Content-Language: fr
Content-Translation-Type: automated
Subject: Votre client de messagerie prend-il en charge la norme RFC8255?
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
RFC8255 est une norme permettant d'envoyer des courriers
électroniques dans plusieurs langues. Le présent est le courriel
traduit en français. Il est intégré à côté du même contenu contenu
dans un certain nombre d'autres langues.
--10867f6c7dbe49b2cfc5bf880d888ce1c1f898730130e7968995bea413a65664--
Why not copy-paste this into a raw email and see how your favourite email client handles it! That’ll be fun, right?
Can I use it?
That proposed standard turns seven years old next month. Sooo… can we start using it?4
Turns out… not so much. I discovered that NeoMutt supports it:
NeoMutt’s implementation is basic, but it works: you can specify a preference order for languages and it respects it, and if you don’t then it shows all of the languages as a series
of attachments. It can apparently even be used to author compliant multilingual emails, although I didn’t get around to trying that.
Support in other clients is… variable.
A reasonable number of them don’t understand the multilingual directives but still show the email in a way that doesn’t suck:
Mozilla Thunderbird does a respectable job of showing each language’s subject and content, one after another.
Some shoot for the stars but blow up on the launch pad:
GMail displays all the content, but it pretends that the alternate versions are forwarded messages and adds a stack of meaningless blank headers to each. And then offers to
translate the result for you, even though the content is already right there in English.
Others still seem to be actively trying to make life harder for you:
ProtonMail’s Web interface shows only the fallback content, putting the remainder into .eml attachments… which is then won’t display, forcing you to download them and
find some other email client to look at them in!5
And still others just shit the bed at the idea that you might read an email like this one:
Outlook 365 does appallingly badly, showing the subject in the title bar, then the words “(No subject)”, then the message “This message might have been removed or deleted”. Just
great.
That’s just the clients I’ve tested, but I can’t imagine that others are much different. If you give it a go yourself with something I’ve not tried, then let me know!
I guess this means that standardised multilingual emails might be forever resigned to the “nice to have but it never took off so we went in a different direction” corner of the
Internet, along with the <keygen> HTML element and the concept of privacy.
Footnotes
1 I didn’t receive quite as much bilingual email as you might expect, given that the
University committed to delivering most of its correspondence in both English and Welsh. But I received a lot more than I do nowadays, for example
2 Although you might not guess it, given how many websites completely ignore your
Accept-Language header, even where it’s provided, and simply try to “guess” what language you want using IP geolocation or something, and then require that you find
whatever shitty bit of UI they’ve hidden their language selector behind if you want to change it, storing the result in a cookie so it inevitably gets lost and has to be set again the
next time you visit.
3 I suppose that if you were sending HTML emails then you might use the lang="..." attribute to mark up different parts of the message as being in different
languages. But that doesn’t solve all of the problems, and introduces a couple of fresh ones.
4 If it were a cool new CSS feature, you can guarantee that it’d be supported by every
major browser (except probably Safari) by now. But email doesn’t get so much love as the Web, sadly.
5 Worse yet, if you’re using ProtonMail with a third-party client, ProtonMail screws up
RFC8255 emails so badly that they don’t even work properly in e.g. NeoMutt any more! ProtonMail swaps the multipart/multilingual content type for
multipart/mixed and strips the Content-Language: headers, making the entire email objectively less-useful.
I’m a big fan of blocking out uninterrupted time on your work calendar for focus activities, even if you don’t have a specific focus task to fill them with.
It can be enough to simple know that, for example, you’ve got a 2-hour slot every Friday morning that you can dedicate to whatever focus-demanding task you’ve got that week, whether
it’s a deep debugging session, self-guided training and development activities, or finally finishing that paper that’s just slightly lower priority than everything else on your
plate.
My work focus time is Friday mornings. It was originally put there so that it immediately followed my approximately-monthly coaching sessions, but it’s remained even since they
wandered elsewhere.
I appreciate that my colleagues respect that blocked period: I almost never receive meeting requests in that time. That’s probably because most people, particularly because we’re in
such a multi-timezone company, use their calendar’s “find a
suitable time for everybody” tool to find the best time for everyone and it sees that I’m “busy” and doesn’t suggest it.
If somebody does schedule a meeting that clashes with that block then, well, it’s probably pretty urgent!
But it turns out this strategy doesn’t work for everybody:
‘Urgent meetings only’ might not mean the same thing to you and I as it does to the not one, not two, not three, but four people who scheduled meetings that clash with it.
My partner recently showed me a portion of her calendar, observing that her scheduled focus time had been
overshadowed by four subsequently-created meetings that clashed with it. Four!
Maybe that’s an exception and this particular occasion really did call for a stack of back-to-back urgent meetings. Maybe everything was on fire. But whether or not this
particular occasion is representative for my partner, I’ve spoken to other friends who express the same experience: if they block out explicit non-meeting time on their
calendar, they get meeting requests for that time anyway. At many employers, “focus time” activities don’t seem to be widely-respected.
Maybe your workplace is the same. The correct solution probably involves a cultural shift: a company-wide declaration in favour of focus time as a valuable productivity tool
(which it is), possibly coupled with recommendations about how to schedule them sensitively, e.g. perhaps recommending a couple of periods in which they ought to be scheduled.
But for a moment, let’s consider a different option:
A silly solution?
Does your work culture doesn’t respect scheduled focus time but does respect scheduled meetings? This might seem to be the case in the picture above: note that the meetings
that clash with the focus time don’t clash with one another but tessellate nicely. Perhaps you need… fake meetings.
“Wow, what a busy afternoon Dan’s got. I’d better leave him be.”
Of course, creating fake meetings just so you can get some work done is actually creating more work. Wouldn’t it be better if there were some kind of service that could do it
for you?
Here’s the idea: a web service that exposes an API endpoint. You start by specifying a few things about the calendar you’d like to fill, for example:
What days/times you’d like to fill with “focus time”?
What industry you work in, to help making convincing (but generic) event names?
Whether you’d like the entire block consistently filled, or occasional small-but-useless gaps of up to 15 minutes inserted between them?
This results in a URL containing those parameters. Accessing that URL yields an iCalendar feed
containing those meetings. All you need to do is get your calendar software to subscribe to those events and they’ll appear in your calendar, “filling” your time.
So long as your iCalendar feed subscription refreshes often enough, you could even have an option to enable the events to self-delete e.g. 15 minutes before their start time, so that
you don’t panic when your meeting notification pops up right before they “start”!
This is the bit where you’re expecting me to tell you I made a thing
Normally, you’d expect me to pull the covers off some hilarious domain name I’ve chosen and reveal exactly the service I describe, but I’m not doing that today. There’s a few reasons
for that:
I’m not saying I think the prior art in this area is good, but it’s certainly good-enough.
Firstly, I’ve got enough too many pointless personal/side projects on the go already1. I don’t need another
distraction.
Secondly, it turns out others have already done 90% of the work. This
open-source project runs locally and fills calendars with (unnamed, private) blocks of varying lengths. This iOS app
does almost exactly what I described, albeit in an ad-hoc rather than fully-automated way. There’s no point me just doing the last 10% just to make a joke work.
And thirdly: while I searched for existing tools I discovered a significant number of people who confess online to creating fake meetings in their calendars! While some of these do
so for reasons like those I describe – i.e. to block out time and get more work done in an environment that doesn’t respect them simply blocking-out time – a lot of folks admit to doing
it just to “look busy”. That could be either the employee slacking off, or perhaps having to work around a manager with a presenteeism/input-measurement based outlook (which is a
terrible way to manage people). But either way: it’s a depressing reason to write software.
Nope
So yeah: I’m not going down that avenue.
But maybe if you’re in a field where you’d benefit from it, try blocking out some focus time in your calendar. I think it’s a fantastic idea, and I love that I’m employed somewhere that
I can do so and it works out.
Or if you’ve tried that and discovered that your workplace culture doesn’t respect it – if colleagues routinely book meetings into reserved spaces – maybe you should try fake
meetings and see if they’re any better-respected. But I’m afraid I can’t help you with that.
Three Rings operates a Web contact form to help people get in touch with us: the idea
is that it provides a quick and easy way to reach out if you’re a charity who might be able to make use of the system, a user who’s having difficulty with the features of the software,
or maybe a potential new volunteer willing to give your time to the project.
But then the volume of spam it received increased dramatically. We don’t want our support team volunteers to spend all
their time categorising spam: even if it doesn’t take long, it’s demoralising. So what could we do?
It’s clearly spam, but if it takes you 2 seconds to categorise it and there are 30 in your Inbox, that’s still a drag.
Our conventional antispam tools are configured pretty liberally: we don’t want to reject a contact from a legitimate user just because their message hits lots of scammy keywords (e.g.
if a user’s having difficulty logging in and has copy-pasted all of the error messages they received, that can look a lot like a password reset spoofing scam to a spam filter). And we
don’t want to add a CAPTCHA, because not only do those create a barrier to humans – while not necessarily reducing spam very much, nowadays – they’re often terrible for accessibility,
privacy, or both.
But it didn’t take much analysis to spot some patterns unique to our contact form and the questions it asks that might provide an opportunity. For example, we discovered that
spam messages would more-often-than-average:
Fill in both the “name” and (optional) “Three Rings username” field with the same value. While it’s cetainly possible for Three Rings users to have
a login username that’s identical to their name, it’s very rare. But automated form-fillers seem to disproportionately pair-up these two fields.
Fill the phone number field with a known-fake phone number or a non-internationalised phone number from a country in which we currently support no charities.
Legitimate non-UK contacts tend to put international-format phone numbers into this optional field, if they fill it at all. Spammers often put NANP (North American Numbering Plan)
numbers.
Include many links in the body of the message. A few links, especially if they’re to our services (e.g. when people are asking for help) is not-uncommon in legitimate
messages. Many links, few of which point to our servers, almost certainly means spam.
Choose the first option for the choose -one question “how can we help you?” Of course real humans sometimes pick this option too, but spammers almost always
choose it.
None of these characteristics alone, or any of the half dozen or so others we analysed (including invisible checks like honeypots and IP-based geofencing), are reason to
suspect a message of being spam. But taken together, they’re almost a sure thing.
To begin with, we assigned scores to each characteristic and automated the tagging of messages in our ticketing system with these scores. At this point, we didn’t do anything to block
such messages: we were just collecting data. Over time, this allowed us to find a safe “threshold” score above which a message was certainly spam.
Even when a message fails our customised spam checks, we only ‘soft-block’ it: telling the user their message was rejected and providing suggestions on working around that or emailing
us conventionally. Our experience shows that the spammers aren’t willing to work to overcome this additional hurdle, but on the very rare ocassion a human hits them, they are.
Once we’d found our threshold we were able to engage a soft-block of submissions that exceeded it, and immediately the volume of spam making it to the ticketing system dropped
considerably. Under 70 lines of PHP code (which sadly I can’t share with you) and we reduced our spam rate by over 80% while having, as far as we can see, no impact on the
false-positive rate.
Where conventional antispam solutions weren’t quite cutting it, implementing a few rules specific to our particular use-case made all the difference. Sometimes you’ve just got to roll
your sleeves up and look at the actual data you do/don’t want, and adapt your filters accordingly.
We still didn’t feel up to a repeat of the bigger summer party we held the year before last, but we love our Abnib buddies, so put the call out to say: hey, come on over, bring a tent (or be willing to crash on a sofa bed) if you want to stay over; we’ll let the
kids run themselves ragged with a water fight and cricket and football and other garden games, then put them in front of a film or two while we hang out and drink and play board games
or something.
Every one of these people is awesome. Or else a dog.
The entire plan was deliberately low-effort. Drinks? We had a local brewery drop us off a couple of kegs, and encouraged people to BYOB. Food? We
threw a stack of pre-assembled snacks onto a table, and later in the day I rotated a dozen or so chilled pizzas through the oven. Entertainments? Give the kids a pile of toys and the
adults one another’s company.
We didn’t even do more than the bare minimum of tidying up the place before people arrived. Washing-up done? No major trip hazards on the floor? That’s plenty good enough!
The intersection of “BYOB” and the generosity of our friends somehow meant that, I reckon, we have more alcohol in the house now than before the party!
I found myself recalling our university days, when low-effort ad-hoc socialising seemed… easy. We lived close together and we had uncomplicated schedules, which combined to make it socially-acceptable to “just turn up” into one another’s lives and spaces. Many were the times that people would descend upon Claire and
I’s house in anticipation that there’d probably be a film night later, for example1.
I remember one occasion a couple of decades ago, chilling with friends2. Somebody – possibly Liz
– commented that it’d be great if in the years to come our kids would be able to be friends with one another. I was reminded of it when our eldest asked me, of our weekend
guests, “why are all of your friends’ children are so great?”
It’s not the same as those days long ago, but I’m not sure I’d want it to be. It is, however, fantastic.
What pleased me in particular was how relatively-effortless it was for us all to slip back into casually spending time together. With a group of folks who have, for the most part, all
known each other for over two decades, even not seeing one another in-person for a couple of years didn’t make a significant dent on our ability to find joy in each other’s company.
Plus, being composed of such laid-back folks, it didn’t feel awkward that we had, let’s face it, half-arsed the party. Minimal effort was the order of the day, but the flipside of that
was that the value-for-effort coefficient was pretty-well optimised3.
A delightful weekend that I was glad to be part of.
3 I’m pretty sure that if I’d have used the term “value-for-effort coefficient”
at the party, though, then it’d have immediately sucked 100% of the fun out of the room.
There are two particular varieties of email address that I don’t often see, but I’ve been known to ridicule when I have:
Geographically-based personal email addresses, e.g. OurHouseName@example.com. These always seemed to me to undermine one of the
single-best things about an email address compared to postal mail – that they don’t change when you move house!1
Shared/couple email addresses, e.g. MrAndMrsSmith@example.net. These make me want to scream “You know email addresses are basically
free, right? You don’t have to share one!” Even back when most people got their email address directly from their dial-up provider, most ISPs offered some number of addresses (e.g. five).
If you’ve come across either of the above before, there’s… perhaps a reasonable chance that it was in the possession of somebody born before 1960 (and the older, the
more-likely)2.
In Pierce’s defence, “my email is on that computer” did genuinely used to be a thing, before the widespread adoption of IMAP and webmail.
You’ll never catch me doing that!
I found myself thinking about this as I clicked the “No” button on a poll by Terence
Eden that asked whether I used a “shared” email address when in a stable long-term relationship.
Of course I don’t! Why would I? Oh… wait…
It wasn’t until after I clicked “No” that I realised that, in actual fact, I have had multiple email addresses that I’ve share with significant other(s). And more than
that, sometimes they’ve been geographically-based! What’s going on?
I’ve routinely had domains or subdomains that I’ve used to represent a place that I live. They’re convenient for when you want to give somebody a short web address which’ll take them to
a page with directions to you and links to your location in a variety of different services and formats.
And by that point, you might as well have an email alias, e.g. all@myhouse.example.org, that forwards on email to, well, all the adults at the house. What I’ve
described there is, after a fashion, a shared email address tied to a geographical location. But we don’t ever send anything from it. Nor do we use it for any kind of
personal communication with anybody outside the house.
Sainsbury’s aren’t going to bring us any Raspberry Peelers. I’m not sure who ordered them, but I’m confident that
it’s the kids who’re gonna complain about it.
We don’t give out these all@ addresses (or their aliases: every company gets their own) to people willy-nilly. But they’re useful for shared services that send
automated emails to us all. For example:
Giving a forwarding alias to the supermarket means that receipts (listing any unavailable products) g0 to all of us, and whoever’s meal plan’s been scuppered by an awkward
substitution will know what’s up.
Using a forwarding alias with the household Netflix account means anybody can use the “send me a sign-in link” feature to connect a new device.
When confirming that you’ve sent money to a service provider, CC’ing one of these nice, short aliases provides a quick way to let the others know that a bill’s been paid (this one’s
especially useful where, like me, you live in a 3+ adult household and otherwise you’d be having to add multiple people to the CC field).
Sure, the need for most of these solutions would evaporate instantly if more services supported multi-user or delegated access3.
But outside of that fantasy world, shared aliases seem to be pretty useful!
Footnotes
1 The most ill-conceived example of geographically-based email addresses I’ve ever seen
came from a a 2003 proposal by then-MP Derek Wyatt, who proposed that the domain name part of every single email address should contain not
only the country of the owner (e.g. .uk) but also their complete postcode. He was under the delusion that this would somehow prevent spam. Even ignoring the
immense technical challenges of his proposal and the impossibility of policing it across the borders of every country that uses email… it probably wouldn’t even be
effective at his stated goal. I’ll let The Register take it from here.
2 No ageism intended: I suspect that the phenomenon actually stems from the fact that as
email took off in the noughties this demographic who were significantly more-likely than younger folks to have (a) a very long-term home that they didn’t anticipate moving out of any
time soon, and (b) an existing anticipation that people and companies wrote to them as a couple, not individually.
3 I’d love it if the grocery delivery sites would let multiple “accounts”, by
mutual consent, share a delivery slot, destination, and payment method. It’d be cool to know that we could e.g. have a houseguest and give them temporary access to a specific
order that was scheduled for during their stay. But that’s probably a lot of work for very little payoff if you’re busy running a supermarket.
I was browsing (BBC) Good Food today when I noticed something I’d not seen before: a “premium” recipe, available on their “app only”:
I clicked on the “premium” recipe and… it
looked just like any other recipe. I guess it’s not actually restricted after all?
Just out of curiosity, I fired up a more-vanilla web browser and tried to visit the same page. Now I saw an overlay and modal attempting1 to
restrict access to the content:
It turns out their entire effort to restrict access to their premium content… is implemented in client-side JavaScript. Even when I did see the overlay and not get access to
the recipe, all I needed to do was open my browser’s debugger and run document.body.classList.remove('tp-modal-open'); for(el of document.querySelectorAll('.tp-modal,
.tp-backdrop')) el.remove(); and all the restrictions were lifted.
What a complete joke.
Why didn’t I even have to write my JavaScript two-liner to get past the restriction in my primary browser? Because I’m running privacy-protector Ghostery, and one of the services Ghostery blocks by-default is one called Piano. Good Food uses Piano to segment their audience in your
browser, but they haven’t backed that by any, y’know, actual security so all of their content, “premium” or not, is available to anybody.
I’m guessing that Immediate Media (who bought the BBC Good Food brand a while back and have only just gotten around to stripping “BBC” out of
the name) have decided that an ad-supported model isn’t working and have decided to monetise the site a little differently2.
Unfortunately, their attempt to differentiate premium from regular content was sufficiently half-hearted that I barely noticed that, too, gliding through the paywall without
even noticing were it not for the fact that I wondered why there was a “premium” badge on some of their recipes.
You know what website I miss? OpenSourceFood.com. It went downhill and then died around 2016, but for a while it was excellent.
Recipes probably aren’t considered a high-value target, of course. But I can tell you from experience that sometimes companies make basically this same mistake with much
more-sensitive systems. The other year, for example, I discovered (and ethically disclosed) a fault in the implementation of the login forms of a major UK mobile network that meant that
two-factor authentication could be bypassed entirely from the client-side.
These kinds of security mistakes are increasingly common on the Web as we train developers to think about the front-end first (and sometimes, exclusively). We need to do
better.
Footnotes
1 The fact that I could literally see the original content behind the modal
was a bit of a giveaway that they’d only hidden it, not actually protected it in any way.
2 I can see why they’d think that: personally, I didn’t even know there were ads
on the site until I did the experiment above: turns out I was already blocking them, too, along with any anti-ad-blocking scripts that might have been running alongside.
Vmail is cool. It’s vole.wtf’s (of ARCC etc. fame) community
newsletter, and it’s as batshit crazy as you’d expect if you were to get the kinds of people who enjoy that site and asked them all to chip in on a newsletter.
Totes bonkers.
But email’s not how I like to consume this kind of media. So obviously, I scraped it.
I’m not a monster: I want Vmail’s stats to be accurate. So I signed up with an unmonitored OpenTrashMail account as well. I just don’t read it (except for the confirmation link
email). It actually took me a few attempts because there seems to be some kind of arbitrary maximum length validation on the signup form. But I got there in the end.
Recipe
Want to subscribe to Vmail using your own copy of FreshRSS? Here’s the settings you’re looking for –
Type of feed source:HTML + XPath (Web scraping)
XPath for finding news items://table/tbody/tr
It’s just a table with each row being a newsletter; simple!
XPath for item title:descendant::a
XPath for item content:.
XPath for item link (URL):descendant::a/@href
XPath for item date:descendant::td[1]
Custom date/time format:d M *y
The dates are in a format that’s like 01 May ’24 – two-digit days with leading zeros, three-letter months, and a two-digit year preceded by a curly quote, separated by spaces. That
curl quote screws up PHP’s date parser, so we have to give it a hint.
XPath for unique item ID:descendant::th
Optional, but each issue’s got its own unique ID already anyway; we might as well use it!
Article CSS selector on original website:#vmail
Optional, but recommended: this option lets you read the entire content of each newsletter without leaving FreshRSS.
So yeah, FreshRSS continues to be amazing. And lately it’s helped me keep on top of the amazing/crazy of vole.wtf too.
I’m not a tea-drinker1. But while making a cuppa for Ruth
this morning, a thought occurred to me and I can’t for a moment believe that I’m the first person to think of it:
Modern digital pressure cookers have a lot of different settings and modes, but ‘tea’ is somehow absent?
It’s been stressed how important it is that the water used to brew the tea is 100℃, or close to it possible. That’s the boiling point of water at sea level, so you can’t really boil
your kettle hotter than that or else the water runs away to pursue a new life as a cloud.
That temperature is needed to extract the flavours, apparently3.
And that’s why you can’t get a good cup of tea at high altitudes, I’m told: by the time you’re 3000 metres above sea level, water boils at around 90℃ and most British people wilt at
their inability to make a decent cuppa4.
It’s a question of pressure, right? Increase the pressure, and you increase the boiling point, allowing water to reach a higher temperature before it stops being a liquid and starts
being a gas. Sooo… let’s invent something!
I’m thinking a container about the size of a medium-sized Thermos flask or a large keep-cup – you need thick walls to hold pressure, obviously – with a safety valve and a heating
element, like a tiny version of a modern pressure cooker. The top half acts as the lid, and contains a compartment into which you put your teabag or loose leaves (optionally in an
infuser). After being configured from the front panel, the water gets heated to a specified temperature – which can be above the ambient boiling point of water owing to the
pressurisation – at which point the tea is released from the upper half. The temperature is maintained for a specified amount of time and then the user is notified so they can release
the pressure, open the top, lift out the inner cup, remove the teabag, and enjoy their beverage.
This isn’t just about filling the niche market of “dissatisfied high-altitude tea drinkers”. Such a device would also be suitable for other folks who want a controlled tea experience.
You could have it run on a timer and make you tea at a particular time, like a teasmade. You can set the temperature lower for a
controlled brew of e.g. green tea at 70℃. But there’s one other question that a device like this might have the capacity to answer:
What is the ideal temperature for making black tea?
We’re told that it’s 100℃, but that’s probably an assumption based on the fact that that’s as hot as your kettle can get water to go, on account of physics. But if tea is bad
when it’s brewed at 90℃ and good when it’s brewed at 100℃… maybe it’s even better when it’s brewed at 110℃!
A modern pressure cooker can easily maintain a liquid water temperature of 120℃, enabling excellent extraction of flavour into water (this is why a pressure cooker makes such
excellent stock).
It’s possible that the perfect cup of tea hasn’t been invented yet, owing to limitations in the boiling point of water.
I’m not the person to answer this question, because, as I said: I’m not a tea drinker. But surely somebody’s tried this5? It shouldn’t be too hard to retrofit a pressure cooker lid with a
sealed compartment that releases, even if it’s just on a timer, to deposit some tea into some superheated water?
Because maybe, just maybe, superheated water makes better tea. And if so, there’s a possible market for my proposed device.
Footnotes
1 I probably ought to be careful confessing to that or they’ll strip my British
citizenship.
3 Again, please not that I’m not a tea-drinker so I’m not really qualified to comment on
the flavour of tea at all, let alone tea that’s been brewed at too-low a temperature.
4 Some high-altitude tea drinkers swear by switching from black tea to green tea, white
tea, or oolong, which apparently release their aromatics at lower temperatures. But it feels like science, not compromise, ought to be the solution to this problem.
5 I can’t find the person who’s already tried this, if they exist, but maybe they’re out
there somewhere?
Part of the joy of the collaborative Internet is that people can share their passion. Today’s example comes from this YouTuber who’s made an hour long video demonstrating and
ranking the 35 elevators in the first five games in the Myst series.
Starting with a discussion of what defines an elevator, the video goes on to show off some of the worst of the lifts in the series of games (mostly those that are uninspired,
pointless, or which have confusing interfaces) before moving on to the well-liked majority.
I only ever played the first two Myst games (and certainly haven’t played the first since, what, the mid-1990s?) and I don’t think I finished either. But that didn’t stop me
watching the entirety of this video and revelling in the sheer level of dedication and focus it’ll have taken on the part of the creator. When I made my
(mere 15-minute!) video describing my favourite video game Easter Egg I spent tens of hours over the prior weeks researching the quirk and its background, configuring a copy of the
(elderly) game so that it’d play and record in the way I wanted, and of course playing through the game far enough to be able to fully demonstrate the Easter Egg. Dustin’s
video, which doubtless involved replaying (possibly multiple times) five different games released over a 12-year window is mindblowing by comparison.
I don’t really care about the Myst series. I care even less about its elevators. But I really enjoyed this video, if only for its creator’s enthusiasm.
Humans invented Wikipedia, which made accessing information highly-convenient, at the risk of questions about its authenticity1.
Then humans invented GPTs, which made accessing information even more-convenient2
at the expense of introducing hallucinations that can be even harder to verify and check.
Is humanity’s long-term plan to invent something that spews complete nonsense that’s simultaneously impossible to conclusively deny?3
Footnotes
1 I’m well aware that in many subject areas Wikipedia routinely outranks many other
sources for accuracy. But the point remains, because you’ve no idea what the bias of randomuser123 is; even if you check the sources they cite, you don’t know what
sources they omitted to include. I love Wikipedia, but I can’t deny its weaknesses.
2 Sure, ChatGPT and friends aren’t always more-convenient. But if you need to
summarise information from several sources, you might find them a more-suitable tool than those which came before. Why do I feel the need to add so many footnotes to what should have
been a throwaway comment?
3 Actually, now I think about it, I’m confident that I can name some politicians who are
ahead of the machines, for now.
RSS
Spotify
Pocket Casts
Apple Podcasts
YouTube
