Application group at dayjob ran into a guardrail today.
They need an FE-generated ID token, low-security, unique in a low-volume setting. Sounds like a UUID to me!
But.
`crypto.randomUUID()`, in order to prevent low-security IDs being used where high-security is needed, is not accessible outside a secure context, and the application in question runs in an insecure context.
On the core team, our go-to “unique-enough id” is nanoid. nanoid is pretty spiffy; if available, it’ll use the browser crypto API to generate good-quality entropy and good random numbers. But! If not available, it’ll fall back, all the way to Math.random() if it needs to.
Secure? No! But not everything is a health info transfer, sometimes we just need a quick and handy number to tie some stuff together.
Moral of the story:
If you prevent your user (user-developer) doing dangerous things, you’ll also prevent them doing clever things. Document the scary bits and mark the holes, but don’t put up impassible guardrails or users will just find another way.
Tag: Code
Bike Display Replacement
As part of our recent moves toward better fitness, my partner & I picked up a secondhand exercise bike in the fall. Nice enough bike, but batteries were left in the display module when it went into storage, so it was dead when we got it. Enter the Arduino nerd; I set out to build a replacement module.
Continue reading “Bike Display Replacement”First Thoughts: Term-accessibility
I’ve seen a fair amount of chatter recently regarding accessibility of terminal apps, and it has me thinking. There’s been a recent growth of both full TUI toolkits and of lighter cli polish and shine modules, lots of tools to make the terminal more accessible and generally more comfortable for the average user, but it can come at a cost – these kits can make the cli less accessible to some sets of users, especially people with low vision, using screen readers or other assistive technology.
Continue reading “First Thoughts: Term-accessibility”Full 1.0.0 release: Fedi-follow Widget
My Fedi-Follow widget is ready for a full 1.0.0 release!
The widget provides an interface for Fediverse users to easily follow or share a url from their home instance. It’s the first stage in my plan to make it easier to integrate Fediverse sharing and following into other platforms, like WordPress or other site engines.
Continue reading “Full 1.0.0 release: Fedi-follow Widget”Bits of Galaxy
So, I’ve been toying with the idea of putting together an online space game. Inspiration comes from things like TradeWars 2002, Escape Velocity: Nova and FTL, with multiplayer in the theme of a MUD. Real-time, but a bit chill, maybe as much a shared experience as a ”game”. In particular, I’m aiming for the server API to be conducive to AI/ML agents running around exploring.
Continue reading “Bits of Galaxy”MastoBot 0.1.0-2
I've published another prerelease of #MastoBot to #npm; this prerelease expands coverage of the MastoBotAPI class and significantly improves method documentation coverage.
Continue reading “MastoBot 0.1.0-2”Get a Keypress in NodeJS
This turned out to be surprisingly difficult to find an answer for; I wanted to, in a node terminal program, wait for and return a single keypress.
Continue reading “Get a Keypress in NodeJS”SimpleOpenID for php
The OpenID library I'm using for Rosebleed (and other projects, both major and minor) is SimpleOpenID from PHPClasses.org.
The original class did most of what I needed, but I made some minor changes. I've emailed the original contributor to offer my changes back, but until I hear back, I've posted my modified version here:
Comments/feedback always welcome.