sean

sean, 11 hours ago to random

It is disturbing how easy it is to overwhelm Contentful’s API rate limit by simply clicking more than a couple tabs open, at once, from their own UI.

The rate limit must be hilariously low (and the number of on-page API calls hilariouslhy high).

sean, 19 hours ago to random

“Starting April 24, any communications you will receive about your domains will come from noreply@registrar.amazon email address instead of route53-dev-admin@amazon.com”

Whoopsie? Who among us hasn’t accidentally left a dev configuration in production? I am Spartacus!

evan, 1 day ago (edited 22 hours ago) to random

Do you say "Fediverse" or "Social Web"?

#EvanPoll #poll

sean, 2 days ago to random

Vendor Security: why I've mostly given up on the practice of forcing vendors to regnerate insecurely-transmitted credentials

(and a ridiculous conference call)

✍️ https://seancoates.com/blogs/vendor-security

sean, 2 days ago to random

201x: user clicks link; browser blanks; new HTML loads; browser displays rendered HTML + JS + CSS + images.

2024: user clicks link; main work area blanks; browser displays “loading” spinner; new HTML never loads; user clicks “reload”; browser blanks; HTML loads; browser displays rendered HTML etc.; user is at a different page than before they clicked reload; user clicks X to close 4 on-page CTA prompts to join mailing lists, pay for content, chat with “support”, and opt out of tracking.

preinheimer, 2 days ago to php

Hey PHP Folks, question for you!

Back in the early 2000s, I feel like there was two big PHP development methodologies.

The "Yahoo! System" where they did all their front end in PHP, and had a lot of built in extensions to handle their business logic.

The "Facebook System" that used PHP for everything.

Is anyone still using the Yahoo! system? Do they talk about it much?

#php

ringmaster, 4 days ago to random Swahili

I just had a great idea: Use a git branch to store data for my blog that the site generates while it runs. I can keep a branch that has files for ActivityPub subscriptions and it can merge in main as I write and push posts. I’ve been looking for this answer for a while -- no “database” persistent storage with the ability to push back to the repo periodically for portability. I can set the token access to that branch only to protect my main branch. Yessss...

sean, 5 days ago to random

Tonight: look up (sorry southern hemisphere friends). I’m stuck in the city but this is the highest level of activity I’ve seen since I started paying attention, so I’m hopeful despite being in a very light-polluted area.

sean, 5 days ago to random

I absolutely love seeing the momentum of “keep users’ sensitive data on their own devices/in their own control only” as a technology + security + privacy strategy.

https://criticalmoments.io/blog/how_to_target_users_without_collecting_data

At work (http://matter.xyz) we don’t target users like this (we do occasionally cohort users to e.g. exclude Matter staff from analytics), but refusing to hold highly personal information is the core of our privacy stance.

(via @nicksloan via @heyjaywilson)

sean, 5 days ago to random

Learned that (allegedly) Ukraine is using a repurposed Stuxnet (or at least a Stuxnet-like system) against Russia. It’s called Fuxnet.

I’m not sure attacking [potentially civilian] infrastructure is the right move (lots of pro and cons there), but who can argue with a name like Fuxnet?

sean, 6 days ago to random

I keep hearing about Google paying Apple $20B/year to make it the default search engine in Safari. “They must make at least that much on search from Apple devices in order to justify the cost.”

This is wrong.

They must make at least that much from search OR from preventing others from eroding their monopsony. The REAL value is to prevent someone else from being the default.

It’s similar to regulatory capture, and we should tax the shit out of it.

(harnessing my inner @pluralistic)

sean, 6 days ago (edited 6 days ago) to random

Oh, I see you were in the middle of a 7-step process investigating a bug that’s probably on our side and WOULD YOU LIKE TO SCHEDULE A CALL WITH OUR CTO ABOUT AN EXCITING NEW PRODUCT LINE WE’VE LAUNCHED? IT PROBABLY HAS AI.

—web apps in 2024

CmdrTaco, 7 days ago to random

Today I tried something called a dragon chilli taki. If this is my last transmission, the takis have won: avenge me.

sean, 7 days ago to random

Have to admit I’m a little bummed this didn’t trigger something fun.

sean, 7 days ago to random

Feeling a weird paradox of…

…the optimism of how everything is better because we’re moving away from the decades-old mess of poor memory management with protections that C/C++ can’t enforce, and even improving on models like Garbage Collection (with Automatic Reference Counting and Borrow Checking), strong typing, powerful and accessible high-level languages…

…and the pessimism that actually using software feels so much worse nearly every day—especially on the web.

wez, 7 days ago to random

As an OSS maintainer, a pet peeve of mine is when someone asks why something is a particular way, when what they really mean is "I don't want to configure it to my preferences and I want you to change the way this works".

The "why" question sets things up for the maintainer to be on the defensive, which implies that the answer needs to be well researched and reasoned, which takes extra effort.

Ultimately the person asking doesn't care about any of this, making the whole thing a waste.

dotjay, 7 days ago to random

Friends with ADD/ADHD/VAST: Do any of you have any good resources or tools for directed attention fatigue?

saramg, 8 days ago to random

Enshittification As A Service.

sean, 8 days ago to random

I have Mailchimp set up to use MFA via TOTP and I have 2FA via SMS turned off.

I just logged in for the first time in a while. It made me verify by SMS and didn’t ask me for my TOTP number. In the settings, I have this configured correctly, but there’s a “We’ll use this to confirm your identity if we spot any unusual activity on your account.” phone number.

This seriously lowers my confidence that they’re doing this right at all. Everything seems to have gotten worse over the past few years.

preinheimer, 8 days ago to random

I didn't realize it until I came upon it in a podcast.

I view people calling twitter "X" without mentioning its former name a negative signal for how much I want to interact with that person.

sean, 4 months ago to random

GANDI seems to have lost all ability to process existing credit cards, due to a botched migration.

Always happy to see when AWS / Route 53 adds new TLDs so I can avoid external registrars.