Top 10 reasons to attend an all-male event


There's been lots of talk recently of the dearth of women attending technical conferences. This problem is blown out of all proportion! There are many excellent reasons to attend an all-male tech event: Reduced chance of having an affair while away on business ⚤ Heterosexuals only! Won't accidentally mistake a CEO for a cocktail waitress 💁🍸 embarrassing! Excellent networking opportunities in the long queue for the men's toilets 🚽🚹 ⚣ Possible risk of inadvertent homosexuality! Impossibl…


Major sites running unauthenticated JavaScript on their payment pages


HTML code from Spotify.

A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page <script src="https://example.com/whatever.js"></script> The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their credit card details as they were typed in. This should have been a wake-up call to the industry. Don't load unauthenticated code on…


Building an Alexa-Powered Electric Blanket


One evening, my wife turned to me in bed and said, "Winter is coming..." Well, what she actually said was "Get your frozen feet away from me, you cold-blooded monster!" The only way to save our marriage? HOOK OUR BED UP TO THE INTERNET! I couldn't find an electric blanket with IoT connectivity - so I built my own. Why? As a person with cold feet, I want to yell at my robot servant to pre-heat the bed, so that it is toasty warm by the time I've finished my evening ablutions. The Blanket …


Should you use SRI for self-hosted scripts?


HTML source of Sony's PlayStation website.

Here's a curiosity which I found while stumbling through the Sony PlayStation store. The website loads internally hosted scripts using SRI (SubResource Integrity). Why? Does your work require you to swipe an ID card to access the building? That seems pretty normal. Does your work also remind you to keep your badge visible, and to challenge people who aren't wearing theirs? That also seems pretty normal. Sometimes security is breached, so we have multiple layers to keep us safe. In…


OpenBenches - some stats


UK map covered in thousands of markers.

For the last year-and-a-bit, Liz and I have been running OpenBenches.org. An open data website dedicated to memorial benches. Here are some rough and ready numbers about how it has gone so far. 9,870 Benches At the time of writing, we're a little shy of 10,000 benches. As you can see, we have photos from all around the world. 9,000 UK Benches The majority of our benches are in the UK. Memorial benches seem like a peculiarly Anglosphere habit. I've spoken to people from all sorts of…


I've broken myself - dealing with RSI


Terence and Liz at a laptop. Terence is wearing wrist braces.

I've recently been suffering from a nasty bout of RSI. Thanks to the NHS, I know it isn't full Carpal Tunnel Syndrome, which is good. But I do need to take better care of myself. My usual kit is the MS 4000 ergonomic keyboard and an Evoluent Vertical Mouse. But recently I've been travelling a lot, and cramping over a MacBook's tiny keyboard. And that's taken a toll on me. The pain in my wrists was so bad, I took two weeks off work to heal. Spending a fortnight not engaging with any tech was …


Dynamic JavaScript and SRI


HTML source of The Guardian website. Polyfill is being loaded from their own CDN.

Some external JavaScript libraries are dynamic. That's a problem for the SRI model of security. How can this be fixed? Definitions Suppose I want my website to have the latest version of the jQuery library. I might use a Content Delivery Network (CDN) to serve the code for me. <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> If an attacker were to get access to that CDN, they could inject code into my site and compromise my users' privacy. This…


The Myth of the Pixel Perfect Grid


The letter E displayed on various screens. Each renders differently.

If you've spent any time with graphic designers, you'll know that they love spending your money on imperceptible tweaks to your image files. "It must be pixel-perfect!" they cry. When you query why they've generated the same icon in multiple sizes, each with subtle variations, they cryptically mention how everything must align with "the grid." This is hokum. First Principles When we first learn about computers, we're taught about pixels. The individual squares that make up a graphics…


Redirect GitHub ID to Username


A screen of JSON code showing my details.

Scratching my own itch here... GitHub users have a username (mine is @edent) and have a user ID number (mine is #837136). If you want to redirect a user ID to a username, you can use the little service I've cobbled together: https://edent.github.io/github_id/#837136 That will take your browser to my GitHub page, using nothing but my ID. Why? Some login services only give you the GitHub user's ID. GitHub users can change their username - but their ID stays the same. How? Inspired by…


Diverse or Representative?


A Black woman, face surrounded by circuits, looks to the future.

Some casual thoughts about language. I recently received an invitation to a tech talk where all the speakers were blokes. As is normal for these sorts of things, I dropped the organisers an email saying I wouldn't be attending because of the lack of diversity. I received a very polite email back protesting that the speakers were diverse. There were speakers from India, Africa, and South America - no mean feat for an East-European conference. It just so happens that they were all men. …


Responsible Disclosure: CloudFlare - more interested in tracking than security


A confirmation email asking me to click on a link.

CloudFlare claim they want to secure the web - but they seem more interested in tracking their customers than giving them decent security. Upon registering with the Internet giant, users are encouraged to confirm their email addresses. So far, so standard. This is the confirmation message CloudFlare sends out: Looks good! Hey! I wonder where that garish orange button goes? WHAT!?! An http URL? Surely some mistake. Every baby-in-a-basket knows that we should use https everywhere. No…


Stand Up Comedy - Dealing With The Fear


Terence Eden performing stand-up comedy. He is holding a microphone.

I could hear the act before me getting uproarious laughs. I was stuck on the toilet panicking my guts out. Why was this happening? My job involves lots of public speaking - to strangers, colleagues, senior leaders, peers, and random people on the Internet. To small BarCamps and to thousands of people in a conference centre. And yet I was shaking with fear at the thought of 10 minutes in front of a few dozen people in a pub. WHY?! Let me backtrack. My friends at Science Oxford asked me to do…
