krinkle

@krinkle@fosstodon.org

Dutch geek from Enschede living in London.

Principal Engineer at Wikimedia Foundation, https://fosstodon.org/@qunit project lead, jQuery Infra (OpenJSF) https://social.lfx.dev/@jquery, W3C Web Performance, ♥️ FLOSS.

Creative interests: linguistics, music, photography. Work interests: performance, web standards, UI design, digital privacy and security.

Avatar photo by Niek Hidding.

#webperf #PHP #mediawiki #wikipedia #qunit #nederlands #music #muziek #fedi22

Formerly at mastodon.technology (2019-2022).


krinkle, (edited ) to webdev

"Google Sites" now supports embedding images.

What you want: <img style="margin: 0 auto;">

What you get:

  • ~100 HTML elements, including 57 unique CSS class names across 83 attributes, 30 hidden DIVs, 3 iframes, 2 external script tags, 2 inline script tags, and 1 actual <img> tag.
  • the <img> is inside an iframe, nested 3 (!) levels of iframes deep.
  • an image cut off in both X and Y directions.
  • not one, but two unwanted scrollbars.

lapcatsoftware, to random
@lapcatsoftware@mastodon.social

I really dislike how Mastodon handles direct messages, as if they were just any other post with replies.

Twitter does this much better. Direct messages are grouped by person, as they should be. On Mastodon, though, it’s difficult to see your message history with a person, and it’s always unclear whether you should reply to an old, possibly unrelated direct message or start a new “thread”, which is more difficult than it should be.

krinkle,

@mp @lapcatsoftware

Some other Fedi software pretend to do the above but within any server handling, like ELK, that seems worse as that makes it seem more safe than it actually is. Any wrong mention...

For Mastodon specifically, I believe they don't want to create a separate UI until E2E is also finished.

https://github.com/mastodon/mastodon/pull/13820

https://github.com/mastodon/mastodon/issues/19565

krinkle, to webdev

Breakdown of GPU attack:

  • Cross-origin iframe should be opaque (can't see fetch response, DOM, or draw to canvas).
  • CSS filters on iframe to skew 1 pixel into 2000px black/white square.
  • Draw complex SVGs (>16ms).
  • Observe time between requestAnimationFrame calls.
  • Repeat for 30 min.
  • Deduce that render speed might imply the GPU saw similarity (think GZIP) between your SVG and the iframe pixel elsewhere onscreen.

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/

https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf

krinkle, to infosec

Cryptominer Leverages Free GitHub CI

It's kind of obvious, given:

  • overpriced cloud server renting (GCP, AWS, ..),
  • increasingly heavy software ("just run these docker containers!"),
  • promise of free crypto "money".

People will use "Free" cloud hosting via Travis/GitHub/Circle and other CIs to run the most compute possible, triggered via random empty commits and such. This is the new normal.

https://sysdig.com/blog/massive-cryptomining-operation-github-actions/

krinkle, to random

May I have a USB-4 Version 2.0 Type-C cable? 🤷

Timeline:

  • USB (v1, plug type A).
  • USB 2 (invisible "it's faster now" release, type A).
  • USB 3 or "the blue one" (v3, usually A, but type B plugs exist).
  • USB4, USB-C, or Thunderbolt (type C only), the "hey we removed a space before the number in our advertising" release.
  • "USB4 Version 2.0 over Type-C", or "we forgot our naming scheme, added fractions, and oh did we say it's faster?"

https://daringfireball.net/linked/2022/09/03/usb4-2-point-0
https://en.wikipedia.org/wiki/USB-C

krinkle, to retrogaming

How did Commander Keen do adaptive tiling, back in the 1980s? Explanation by Fabien Sanglard @fabinou:

https://fabiensanglard.net/ega/

Source code: https://github.com/keendreams/keen

krinkle, to random

The shape of Happiness.

I can imagine theories for why someone's experience might follow this shape, and of course many people will have a very differently shaped life.

Yet, it surprises me to learn that there is a clear overall average, and that this is the shape of that average.

It sure doesn't inspire hope (speaking as an under-50), but then again it's important to know you're not doomed to this shape. You be you!

from https://www.washingtonpost.com/news/wonk/wp/2017/08/24/under-50-you-still-havent-hit-rock-bottom-happiness-wise/ via https://juliawise.net/raising-children-on-the-eve-of-ai/

krinkle, (edited ) to random

"When the pyramids were being built, there were still woolly mammoths."

Ah, another great mystery revealed about the pyramids. It was the mammoths all along! 🦣

via @jkottke

https://kottke.org/14/02/unlikely-simultaneous-historical-events

Learn more: https://en.wikipedia.org/wiki/Woolly_mammoth#Extinction

krinkle, (edited ) to random

Scam Artist Argues Their Advice Could Work.

CNET ought to know better. Their idiotic attempt at SEO by en masse 404'ing old articles was noticed by Google, which subtweeted with this TV ad-like PSA:

> Are you deleting content because you believe Google doesn’t like “old” content? That's not a thing!

But then, SEO experts double down and inform Gizmodo that "it’s an advanced practice that requires high levels of expertise"

Very advanced indeed.

https://daringfireball.net/linked/2023/08/10/cnet-dummies

krinkle, (edited ) to Youtube

Basically, an Uzbekistan TV channel used part of a film by Blender Studio. Another artist also embedded part of that same film (both legal under CC license).

The TV company's rant-a-scam "copyright protection" agency semi-automatically reports the artist's video to YouTube as an illegal copy of its TV content, despite holding no copyright to do so, and wins. The artist had to risk a channel strike to appeal - and still lost.

https://torrentfreak.com/company-hijacks-blenders-cc-by-licensed-film-youtube-strikes-user-221205/

#youtube #copyright #DMCA @torrentfreak

krinkle, to johnoliver

John Oliver's Last Week Tonight just made a 5min-long fake episode of Thomas the Tank Engine, featuring hilarious narration by Matt Berry! (Mr Reynolds, The IT Crowd, Channel 4)

https://youtu.be/AJ2keSJzYyY?si=L68irZnAmI6vhIbQ&t=1363

via https://eigenmagic.net/@vampiress/111860385530784941

#ITCrowd #MattBerry #LastWeekTonight #JohnOliver

krinkle, to infosec

Timo Longin @login introduces SMTP smuggling, a novel technique to spoof fully SPF-validated emails from various popular domains including @microsoft.com.

Wow. It's incredible nobody found this before. It's the first of its kind. Probably not the last...!

https://youtu.be/V8KPV96g1To

Related:
https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide
https://www.postfix.org/smtp-smuggling.html
https://www.malwarebytes.com/blog/news/2024/01/explained-smtp-smuggling

krinkle, to random

@wilfredh Happy to file a bug, but wondering whether this actually is a bug. I don't understand what differences it is trying to show me, or why it chose the parts it did to show as red/green vs the parts it showed as unchanged.

The files are from the same repro as https://github.com/Wilfred/difftastic/issues/694 in https://github.com/jquery/blog.jquery.com-theme/tree/main/jquery and https://github.com/jquery/jquery-wp-content/tree/main/themes/jquery.

GNU diff returns empty:

$ diff -w -u _blog_search.php themes/jquery/search.php   
$ diff --version  
diff (GNU diffutils) 3.7  
krinkle, to random

@zachleat

I wonder if there's a better way to show page weight on leaderboards.

One thing could be to sync their Y-axis so that they're lines on the same base chart (instead of relative to own history only).

Another might be to then invert that axis with bottom the current largest and top the current-smallest. Or... maybe a singlestat number with current size of each and some kind of shared color range (no line/history until click).

Thoughts?

https://www.speedlify.dev/test-runners/

krinkle, (edited ) to apple

Apparently the 🪙 coin emoji is associated in Siri Knowledge with Y Combinator.

Usually when stuff like this happens, it's because a redirect article exists in Wikipedia, or an alias label in Wikidata. But... not this time.

I wonder if it comes from another dataset, or an inside joke at Apple?

krinkle, to php

DuckDuckGo has opinions.

Time to upgrade your servers!

lapcatsoftware, to random
@lapcatsoftware@mastodon.social

WWDC 2004: Redmond, start your photocopiers.

WWDC 2024: Redmond, we’ve started copying your Copilot.

krinkle,

@lapcatsoftware

I immediately hear Bertrand's voice, and vice versa, the way I know to recognise his voice is because I remember how he said this very sentence.

He did an educational video on LLMs recently on his truly empty 20yo YT account:

https://youtu.be/QwtyIDmhxh4?feature=shared

chris, to random
@chris@mastodon.chriswiegman.com

Oh great... As if it isn’t bad enough that I have to clear every single mention notification twice in Ivory (and there is no way to turn off the rest of the notifications)... now even going to each tab no longer clears them and I need to quit the app entirely to do so.

I think it's time I put all my computers away... in the trashcan.

krinkle, (edited ) to mediawiki

All major browsers rely on a dark secret: the quirks where native code or the UA stylesheet is varied based on which site you're on.

They're a hell to debug if you're ever caught in one, but they make for interesting stories!

Example:
https://neugierig.org/software/chromium/notes/2009/08/mediawiki-workaround.html

Fix for SVN deadlink:
https://static-codereview.wikimedia.org/MediaWiki/53141.html

Source code of doom:
https://github.com/WebKit/WebKit/blob/main/Source/WebCore/page/Quirks.cpp

History:
https://github.com/WebKit/WebKit/commits/main/Source/WebCore/page/Quirks.cpp

krinkle, to apple

The Great Flattening by Ben Thompson.

Ben makes the case that the Internet and various Apple products aren't reductive, but rather empowering and positive. Decentralisation is at the core.

I believe this wasn't just Jobs-era marketing but a reality, one I and my family grew up benefiting from. GarageBand!

But, does Apple still believe that today? It seems with every release, my devices can do less with things I own, music, files, etc

https://stratechery.com/2024/the-great-flattening/

krinkle, to random

Charged thousands of dollars for an empty Amazon S3 bucket?

"""
I opened my bucket for public writes and collected over 10GB of data within less than 30 seconds.
"""

It's like registering a domain previously used by malware. I forget where I read it, but it was something like $huge amounts of Internet web and email traffic are former malware and viruses still diligently trying to seek instructions or deposit data.

via @jonty via @WPalant

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

krinkle, to Wikipedia

Best sentence of the Wikipedia article about temperance activist Carrie Nation:

“Her methods escalated from simple protests to serenading saloon patrons with hymns accompanied by a hand organ, to greeting bartenders with pointed remarks such as, ‘Good morning, destroyer of men’s souls’.”

https://en.wikipedia.org/wiki/Carrie_Nation

via https://juliawise.net/how-bad-is-alcohol/

krinkle, to random

My latest modern art instalment.

I call it, "Le Derrière".

krinkle, to random

Who wants a Berliner (jam-filled hole-less donut), when you could be having a Murdered Donut!

https://xoxo.zone/@neilk/111324872890527721
