Application group at dayjob ran into a guardrail today.
They need an FE-generated ID token, low-security, unique in a low-volume setting. Sounds like a UUID to me!
To keep low-security IDs from being used where high security is needed, `crypto.randomUUID()` is not accessible outside a secure context, and the application in question runs in an insecure context.
On the core team, our go-to “unique-enough id” is nanoid. nanoid is pretty spiffy; it’ll use the browser crypto API, if available, to generate good-quality entropy and good random numbers. But! If not available, it’ll fall back, all the way to `Math.random()` if it needs to.
Secure? No! But not everything is a health info transfer, sometimes we just need a quick and handy number to tie some stuff together.
Moral of the story:
If you prevent your user (user-developer) from doing dangerous things, you’ll also prevent them from doing clever things. Document the scary bits and mark the holes, but don’t put up impassable guardrails or users will just find another way.
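A sketch of the "document the scary bits" approach for this case, as an added example (not nanoid's code and not the application's): it tries `crypto.randomUUID()`, then `crypto.getRandomValues()`, which browsers expose in insecure contexts too, and only then `Math.random()`, and it reports which source was used so a caller can refuse weak IDs where they matter. The names `makeId` and `formatV4` are hypothetical.

```javascript
// Added example: hypothetical helper names, not taken from nanoid or any library.
const HEX = Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));

// Format 16 bytes as an RFC 4122 version-4 UUID string.
function formatV4(bytes) {
  const b = Uint8Array.from(bytes);
  b[6] = (b[6] & 0x0f) | 0x40; // version nibble = 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits = 10xx
  const h = Array.from(b, (x) => HEX[x]).join("");
  return `${h.slice(0, 8)}-${h.slice(8, 12)}-${h.slice(12, 16)}-${h.slice(16, 20)}-${h.slice(20)}`;
}

// Returns { id, source } so the strength of the ID is visible to the caller.
// cryptoObj is injectable for testing; it defaults to the platform's crypto.
function makeId(cryptoObj = globalThis.crypto) {
  // Secure context: the method exists. Insecure context: it is simply absent.
  if (typeof cryptoObj?.randomUUID === "function") {
    return { id: cryptoObj.randomUUID(), source: "randomUUID" };
  }
  // Still a CSPRNG, and not restricted to secure contexts.
  if (typeof cryptoObj?.getRandomValues === "function") {
    const bytes = cryptoObj.getRandomValues(new Uint8Array(16));
    return { id: formatV4(bytes), source: "getRandomValues" };
  }
  // Last resort: predictable output. Fine for tying UI state together,
  // never for session tokens, reset links, or anything an attacker gains by guessing.
  const bytes = Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
  return { id: formatV4(bytes), source: "Math.random" };
}
```

Code that needs an unguessable value can check `source !== "Math.random"` and fail closed instead of silently accepting a weak ID.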
Today is the International Day Against Homophobia, Transphobia, and Biphobia.
The date of 17 May was specifically chosen to commemorate the World Health Organization’s decision in 1990 to declassify homosexuality as a mental disorder.
The Day represents a major global annual landmark to draw the attention of decision makers, the media, the public, corporations, opinion leaders, local authorities, etc. to the alarming situation faced by people with diverse sexual orientations, gender identities or expressions, and sex characteristics.
The world has changed a lot, even just in my lifetime, but there is still a long way to go. We still face systemic and personal discrimination and violence. We still need allies to stand beside us and demand change, until every person has the same right to safety and life, no matter who or how we love.
As part of our recent moves toward better fitness, my partner & I picked up a secondhand exercise bike in the fall. Nice enough bike, but batteries were left in the display module when it went into storage, so it was dead when we got it. Enter the Arduino nerd; I set out to build a replacement module.
After seeing several people ask about a tool to download their toots, I’ve started building one.
Masto-DL will archive all your toots into individual json files to grep and analyze to your heart’s content.
After seeing several people ask about a tool to download their toots, I’ve started putting together a tool to do just that.
Masto-DL will archive all your toots into individual files (json right now, yaml to come, more as needed/requested).
It would be mind-bogglingly difficult to build an ethical ad platform that would be accepted by the Fedi community.
(original thread starts at https://tech.lgbt/@silvermoon82/109325175432086325)
I imagine there’s some huge panic going on in the ad industry right now; birbsite was, until last month, one of the major outlets for advertising, but a) advertisers don’t want to appear beside Nazi shit, and b) the eyeballs are moving to the “Lawless hellscape of no use to anybody for advertising”.
Scored a home gym over the weekend. It came with the OG dead-tree instructions, which is really nice because the manual doesn’t appear to exist online.
So, without further ado, I give you: the assembly instructions for the York Fitness 3230 Home Gym. May it inform you in good health.
I’ve seen a fair amount of chatter recently regarding accessibility of terminal apps, and it has me thinking. There’s been a recent growth of both full TUI toolkits and of lighter cli polish and shine modules, lots of tools to make the terminal more accessible and generally more comfortable for the average user, but it can come at a cost – these kits can make the cli less accessible to some sets of users, especially people with low vision, using screen readers or other assistive technology.
Not long ago, I read about a cute IoT project, CheerLights. It’s a network of RGB lights that all change colour together, coordinated by a Twitter bot. The idea is that we all rig up RGB lights of some description, then when someone pings the Twitter bot they all change in sync; just a nice little community togetherness thing. It’s adorable and I love it.