Unix Principle: Don’t prevent foolish things, because that prevents clever things

Application group at dayjob ran into a guardrail today.
They need an FE-generated ID token, low-security, unique in a low-volume setting. Sounds like a UUID to me!
But.
`crypto.randomUUID()`, in order to prevent low-security IDs being used where high-security is needed, is not accessible outside a secure context, and the application in question runs in an insecure context.
On the core team, our go-to “unique-enough id” is nanoid. nanoid is pretty spiffy; if available, it’ll use the browser crypto API to generate good-quality entropy and good random numbers. But! If not available, it’ll fall back, all the way to `Math.random()` if it needs to.
Secure? No! But not everything is a health info transfer, sometimes we just need a quick and handy number to tie some stuff together.

Moral of the story:
If you prevent your user (user-developer) doing dangerous things, you’ll also prevent them doing clever things. Document the scary bits and mark the holes, but don’t put up impassable guardrails or users will just find another way.
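
A sketch of the "mark the holes" approach described in this post, as an added example (not nanoid's code and not from the original post): the hypothetical `makeId` helper tries `crypto.randomUUID()`, then `crypto.getRandomValues()` (which browsers also expose in insecure contexts), then `Math.random()`, and labels every ID with its entropy source so callers that need a strong ID can refuse the weak tier.

```javascript
// Added example: tiered ID generator that reports where its entropy came from.
// makeId, formatV4 and the returned { id, source, strong } shape are
// hypothetical names chosen for this sketch.
function formatV4(bytes) {
  bytes[6] = (bytes[6] & 0x0f) | 0x40; // set version nibble to 4
  bytes[8] = (bytes[8] & 0x3f) | 0x80; // set RFC 4122 variant bits
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

function makeId({ requireStrong = false, cryptoObj = globalThis.crypto } = {}) {
  // Tier 1: only exposed in secure contexts (HTTPS, localhost).
  if (cryptoObj && typeof cryptoObj.randomUUID === "function") {
    return { id: cryptoObj.randomUUID(), source: "randomUUID", strong: true };
  }
  // Tier 2: a CSPRNG that remains available in insecure contexts.
  if (cryptoObj && typeof cryptoObj.getRandomValues === "function") {
    const bytes = cryptoObj.getRandomValues(new Uint8Array(16));
    return { id: formatV4(bytes), source: "getRandomValues", strong: true };
  }
  // Tier 3: Math.random() is predictable. Acceptable for tying records
  // together, never for tokens, session IDs or anything an attacker guesses.
  if (requireStrong) {
    throw new Error("no CSPRNG available; refusing to mint a strong ID");
  }
  const bytes = Uint8Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
  return { id: formatV4(bytes), source: "Math.random", strong: false };
}
```

Logging `source` alongside the ID makes it easy to audit later whether any weak-tier IDs ended up somewhere they should not be.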

Full 1.0.0 release: Fedi-follow Widget

My Fedi-Follow widget is ready for a full 1.0.0 release!

The widget provides an interface for Fediverse users to easily follow or share a URL from their home instance. It’s the first stage in my plan to make it easier to integrate Fediverse sharing and following into other platforms, like WordPress or other site engines.


Open-Source: Covidbot-Ontario

I built a to post local numbers. In the process, I found Ontario Public Health's data feeds and ended up building something much more generic and reusable than I initially intended. Aside from the very local hospitalization and ICU numbers from KHSC, the Ontario feeds can be filtered to be useful anywhere in the province.


MastoBot 0.1.0-2

I've published another prerelease of to ; this prerelease expands coverage of the MastoBotAPI class and significantly improves method documentation coverage.


Collect a keypress in a bash githook

After a flurry of accidental pushes direct to the main branch at work, I decided we need a technical solution. The obvious answer would be to use GitLab’s protected branches, but that’s not practical at our org. Next best: a to check the branch one is committing to, and have the user confirm or cancel as the case may be.


Mastobot Beta 0.1.0-0

I've released an initial beta of to .

is a client library for . It offers 3 levels of helpers to communicate with a instance.
