Towards a test-suite for TOTP codes


Screenshot showing a QR code and numeric codes.

Because I'm a massive nerd, I actually try to read specification documents. As I've ranted ad nauseam, the current TOTP spec is irresponsibly obsolete. The three major implementations of the spec - Google, Apple, and Yubico - all subtly disagree on how it should be implemented. Every other MFA app has its own idiosyncratic variants. The official RFC is infuriatingly vague. That's no good for a security specification. Multiple implementations are great, multiple interpretations are…


Using the Web Crypto API to Generate TOTP Codes in JavaScript Without 3rd Party Libraries


A chunky wristwatch showing the time and a selection of 6 digit codes and their corresponding entities.

The Web Crypto API is, thankfully, nothing to do with scammy cryptocurrencies. Instead, it provides access to powerful cryptographic features which were previously only available in 3rd party tools. So, is it possible to build a TOTP code generator without using any external JS libraries? Yes! And it is (relatively) simple. Here's the code that I've written. It is slightly verbose and contains a lot of logging so you can see what it is doing. I've annotated it with links to the various…


ManyTag Colour eInk Badge SDK - Minimum Viable Example for Android


Screenshot of an app.

Last year, I reviewed a Four-Colour eInk Name Badge - the ManyTag HSN371. The hardware itself is perfectly fine, but the Android app isn't great. It is complicated, crash-prone, and not available in the app-store. After some back-and-forth with the manufacturer, they agreed to send me their Android SDK and documentation. Sadly, the PDF they sent me was riddled with errors and the software library is also a bit dodgy. So, with the help of Edward Toroshchyn and a hefty amount of automated…


Theatre Review: The Last Laugh


Actors impersonating Tommy Cooper, Eric Morecambe and Bob Monkhouse.

This is three excellent plays in one. First, a ghost story. Second, a tribute act. Thirdly, a meditation on the nature of comedy. In many ways, it is the complement to Inside Number 9 playing next door. Cooper, Morecambe, and Monkhouse were dead to begin with. Perhaps you grew up watching them live at the Palladium, or on grainy VHS tapes, or in microbursts on TikTok. But they got their last live laugh several decades prior to today. Nevertheless, their comedy lineage remains. Every…


Change the way dates are presented in WordPress's admin view


The Logo for WordPress.

WordPress does not respect an admin's preferred date format. Here's how the admin list of posts looks to me: I don't want it to look like that. I want it in RFC3339 format. I know what you're thinking: just change the default date display - but that only seems to work in some areas of WordPress. It doesn't change the column-date format. Here's what mine is set to: So that doesn't work. Instead, you need to use the slightly obscure post_date_column_time filter. Add this to your theme's …


Book Review: Web Accessibility Cookbook - Creating Inclusive Experiences by Manuel Matuzovic


Book cover featuring a happy dog.

My friend Manuel has sent me his latest book to review - and it is a corker. The best thing about this book is that it doesn't waste any time trying to convince you that Accessibility Is Good™. You're a professional web developer; you know that. Instead, it gets straight down to brass-tacks and gives you immediate and useful examples of what to do. You could read the book linearly - but it is much more suited to dipping into. Want to know exactly how to do something? There's almost certainly a…


The least secure TOTP code possible


QR code.

If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP). As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?! So let's try to find some edge-cases and…


Why are QR Codes with capital letters smaller than QR codes with lower-case letters?


QR CODE

Take a look at these two QR codes. Scan them if you like, I promise there's nothing dodgy in them. Left is upper-case HTTPS://EDENT.TEL/ and right is lower-case https://edent.tel/ You can clearly see that the one on the left is a "smaller" QR as it has fewer bits of data in it. Both go to the same URL; the only difference is the casing. What's going on? Your first thought might be that there's a different level of error-correction. QR codes can have increasing levels of redundancy i…


Book Review: In Search of Lost Time - Marcel Proust


A book cover.

A friend mentioned that they were going to a Proust book club where they'd be discussing Swann's Way, the first volume of the masterpiece. "Well," I thought, "That sounds like a fun challenge!" It was not. I picked up the Standard eBooks version translated by C. K. Scott Moncrieff and started my journey. It starts with a young man having a wet dream and then, in excruciating detail, describing the process of waking up. The writing starts as dreamy but quickly becomes obtuse. The story (such…


Theatre Review: Trash


Four men in trash-cans, playing them like instruments.

I went into this as a cynic and came out a grinning maniac. Look, it is basically "Stomp" but for kids. It's a join-in pantomime where four babbling fools play with junk in a recycling centre to make music. Oh, sure, you could analyse it as being a blend of Commedia dell'arte and modern dance, but it is closer to Minions. All cartoon violence, generic-Euro-mumble speech, and tunes that they'll recognise when they're older (but the parents will love). The kids in the audience were constantly…


Book Review: The Rituals of Dinner - The Origins, Evolution, Eccentricities and Meaning of Table Manners by Margaret Visser


Book cover.

The purpose of table manners is to stop us killing each other. That's the rather provocative assertion in Margaret Visser's excellent deconstruction of why we have such elaborate and infuriating rituals around eating. It starts, naturally enough, with a chapter on human sacrifice. It is grim, violent, and soaked in blood. A delightful amuse-bouche this isn't! But it makes the case that this is (part of) the origin of our modern table manners. We no longer need to appease the gods and secure a …


Automatic Kobo and Kindle eBook Arbitrage


Logo of the Python programming language.

This post will show you how to programmatically get the cheapest possible price on eBooks from Kobo. Background: Amazon have decided to stop letting customers download their purchased eBooks onto their computers. That means I can't strip the DRM and read on my non-Amazon eReader. So I guess I'm not spending money with Amazon any more. I'm moving to Kobo for three main reasons: They provide standard ePubs for download. ePub DRM is trivial to remove. Kobo will undercut Amazon's prices! …
