@krinkle@fosstodon.org

krinkle

Dutch geek from Enschede living in London.

Principal Engineer at Wikimedia Foundation, https://fosstodon.org/@qunit project lead, jQuery Infra (OpenJSF) https://social.lfx.dev/@jquery, W3C Web Performance, ♥️ FLOSS.

Creative interests: linguistics, music, photography. Work interests: performance, web standards, UI design, digital privacy and security.

Avatar photo by Niek Hidding.

#webperf #PHP #mediawiki #wikipedia #qunit #nederlands #music #muziek #fedi22

Formerly at mastodon.technology (2019-2022).

krinkle, to Wikipedia

Best sentence of the Wikipedia article about temperance activist Carrie Nation:

“Her methods escalated from simple protests to serenading saloon patrons with hymns accompanied by a hand organ, to greeting bartenders with pointed remarks such as, ‘Good morning, destroyer of men’s souls'.”

https://en.wikipedia.org/wiki/Carrie_Nation

via https://juliawise.net/how-bad-is-alcohol/

krinkle, to random

@zachleat

I wonder if there's a better way to show page weight on leaderboards.

One thing could be to sync their Y-axis so that they're lines on the same base chart (instead of relative to own history only).

Another might be to then invert that axis with bottom the current largest and top the current-smallest. Or... maybe a singlestat number with current size of each and some kind of shared color range (no line/history until click).

Thoughts?

https://www.speedlify.dev/test-runners/

krinkle, to random

@wilfredh Happy to file a bug, but wondering whether this actually is a bug. I don't understand what differences it is trying to show me, or why it chose the parts it did to show as red/green vs the parts it showed as unchanged.

The files are from the same repro as https://github.com/Wilfred/difftastic/issues/694 in https://github.com/jquery/blog.jquery.com-theme/tree/main/jquery and https://github.com/jquery/jquery-wp-content/tree/main/themes/jquery.

GNU diff returns empty:

$ diff -w -u _blog_search.php themes/jquery/search.php
$ diff --version
diff (GNU diffutils) 3.7

krinkle, to random

Fastly uses the H2O reverse proxy for fast and secure TLS termination over QUIC, HTTP/3, HTTP/2, and 1.1.

The project site compares its benchmarks only to Nginx. I'd love to see a more recent comparison that includes ATS (Apache Traffic Server), HAProxy, and Varnish/Hitch as fellow reverse proxies for TLS termination.

https://www.fastly.com/blog/tls-more-secure-always-fast

via @devs and https://ieji.de/@SolSoCoG/109392993726218659

krinkle, to webdev

Geoff Graham, former lead editor of CSS-Tricks @geoff, wrote:

"""
My professional identity shifts from CSS developer, JavaScript developer, WordPress developer, web designer, technical editor, and educator depending on who you talk to. [..]
"""

I feel you. Even before I became a staff/principal engineer, I found this industry only enjoyable and effective when you're not afraid to take on different hats. I can't imagine doing just one of these.

https://geoffgraham.me/shifting-identities/

krinkle, (edited) to random

Difficult.

Difficult is a cult centered around the exchange of Diffie–Hellman public keys. Its members are primarily known for their interest in obscure cryptographic inventions.

krinkle, to infosec

Cryptominer Leverages Free GitHub CI

It's kind of obvious, given:

  • overpriced cloud server renting (GCP, AWS, ..),
  • increasingly heavy software ("just run these docker containers!"),
  • promise of free crypto "money".

People will use "Free" cloud hosting via Travis/GitHub/Circle and other CIs to run the most compute possible, triggered via random empty commits and such. This is the new normal.

https://sysdig.com/blog/massive-cryptomining-operation-github-actions/

krinkle, to infosec

Timo Longin @login introduces SMTP smuggling, a novel technique to spoof fully SPF-validated emails from various popular domains including @microsoft.com.

Wow. It's incredible nobody found this before. It's the first of its kind. Probably not the last...!

https://youtu.be/V8KPV96g1To

Related:
https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide
https://www.postfix.org/smtp-smuggling.html
https://www.malwarebytes.com/blog/news/2024/01/explained-smtp-smuggling

krinkle, to random

The shape of Happiness.

I can imagine theories for why someone's experience might follow this shape, and of course many people will have a very differently shaped life.

Yet, it surprises me to learn that there is a clear overall average, and that this is the shape of that average.

It sure doesn't inspire hope (speaking as an under-50), but then again it's important to know you're not doomed to this shape. You be you!

from https://www.washingtonpost.com/news/wonk/wp/2017/08/24/under-50-you-still-havent-hit-rock-bottom-happiness-wise/ via https://juliawise.net/raising-children-on-the-eve-of-ai/

krinkle, to johnoliver

John Oliver's Last Week Tonight just made a 5min-long fake episode of Thomas the Tank Engine, featuring hilarious narration by Matt Berry! (Mr Reynolds, The IT Crowd, Channel 4)

https://youtu.be/AJ2keSJzYyY?si=L68irZnAmI6vhIbQ&t=1363

via https://eigenmagic.net/@vampiress/111860385530784941

krinkle, (edited) to random

Steve Jobs in 2010 internal email:

> digital hub [..] moving from PC to cloud
> * we invented Digital Hub concept [..] for all your contacts, calendars, bookmarks, photos, music, videos
> * PC now just another client alongside iPhone, iPad, iPod
> * Apple is in danger of hanging on to old paradigm too long (innovator's dilemma)
> * Google and Microsoft are further along [..], but haven't quite figured it out.

Interesting to see it all spelled out (§14).

https://www.theverge.com/c/22611236/epic-v-apple-emails-project-liberty-app-store-schiller-sweeney-cook-jobs

krinkle, (edited) to Youtube

Basically, an Uzbekistan TV channel used part of a film by Blender Studio. Another artist also embedded part of that same film (both legal under CC license).

The TV company's rant-a-scam "copyright protection" agency semi-automatically reports the artist's video to YouTube as an illegal copy of its TV content, despite holding no copyright to do so, and wins. The artist had to risk a channel strike to appeal - and still lost.

https://torrentfreak.com/company-hijacks-blenders-cc-by-licensed-film-youtube-strikes-user-221205/

@torrentfreak

krinkle, to random

Recall 10-second Tom? Background character in "50 First Dates", the 2004 rom-com starring Adam Sandler and Drew Barrymore.

He's a punchline to comfort the main character who "merely" has a one-day memory.

But, do you know the real story of Clive Wearing? British music producer who has severe retrograde amnesia for over 20 years. He has a 7-second memory...

Watch the first three minutes to get the gist.

https://youtu.be/k_P7Y0-wgos?feature=shared

https://en.wikipedia.org/wiki/Clive_Wearing

krinkle, to retrogaming

How did Commander Keen do adaptive tiling, back in the 1980s? Explanation by Fabien Sanglard @fabinou:

https://fabiensanglard.net/ega/

Source code: https://github.com/keendreams/keen

krinkle, (edited) to mediawiki

All major browsers rely on a dark secret: the quirks where native code or the UA stylesheet is varied based on which site you're on.

They're a hell to debug if you're ever caught in one, but they make for interesting stories!

Example:
https://neugierig.org/software/chromium/notes/2009/08/mediawiki-workaround.html

Fix for SVN deadlink:
https://static-codereview.wikimedia.org/MediaWiki/53141.html

Source code of doom:
https://github.com/WebKit/WebKit/blob/main/Source/WebCore/page/Quirks.cpp

History:
https://github.com/WebKit/WebKit/commits/main/Source/WebCore/page/Quirks.cpp

krinkle, to infosec

How does Wikimedia approach security and performance?

We're quite selective in our dependencies and often audit the sources ourselves. Progressive enhancement makes for a blazing fast and accessible site, and, I argue, it's also the cheaper choice in the long run!

Read more over @openjsf:

https://openjsf.org/blog/2023/10/05/wikimedia-case-study/

krinkle, to Ethics

What are the ethical expectations of an open source project? by Alex Kladov

https://matklad.github.io/2023/10/18/obligations.html

krinkle, to webdev

Breakdown of GPU attack:

  • Cross-origin iframe should be opaque (can't see fetch response, DOM, or draw to canvas).
  • CSS filters on iframe to skew 1 pixel into 2000px black/white square.
  • Draw complex SVGs (>16ms).
  • Observe time between requestAnimationFrame calls.
  • Repeat for 30 min.
  • Deduce that render speed might imply the GPU saw similarity (think GZIP) between your SVG and the iframe pixel elsewhere onscreen.

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/

https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf

krinkle, (edited) to webdev

"Google Sites" now supports embedding images.

What you want: <img style="margin: 0 auto;">

What you get:

  • ~100 HTML elements, including 57 unique CSS class names across 83 attributes, 30 hidden DIVs, 3 iframes, 2 external script tags, 2 inline script tags, and 1 actual <img> tag.
  • the <img> is inside an iframe, nested 3 (!) levels of iframes deep.
  • an image cut off in both X and Y directions.
  • not one, but two unwanted scrollbars.

krinkle, to random

@kostajh

Ten years and counting... switched to Silent Mode (or "Vibration Mode") after I got an iPhone 4S and not looked back. Very few apps are permitted badges or Notif Center presence, and Lock Screen limited to calendar events and VIPs. Sleep Mode scheduled every evening/night.

I occasionally run into a bug where some apps won't play audio tracks (mistaking it for mute even for user-initiated playback), but other than that, wouldn't want it any other way.

https://www.kostaharlan.net/posts/do-not-disturb/

krinkle, to random

1998: <div onclick="foo(bar)"></div>

2023: <VeryNiceDiv onClick={foo(this.bar)} />

Ah... the progress we've made.

🥸

The former was of course never best practice. It was poor separation of concerns to mix JS in your content.

Btw, did you know that the former actually checks local props/methods first?

Native event attributes are evaluated in an implicit 'with(this){}' block. That's why stuff like <textarea onclick="select()"> or <input onblur="alert(value)"> works even without 'this'.
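
An added example (not part of the original post) that emulates in Node.js the lookup described above, using plain objects instead of a DOM. It goes one step beyond the post by also putting the form owner and the document in scope, as the HTML specification does; every object and function name below is a constructed stand-in.

```javascript
// Emulates the scope a browser gives an inline event handler attribute.
// Nothing here touches a real DOM; all values are constructed for illustration.

// Page-level globals that an author might expect the handler to reach.
globalThis.select = () => 'global select()';
globalThis.value = 'global value';
globalThis.track = () => 'global track()';

function compileInlineHandler(source, element, formOwner, doc) {
  // Function() bodies are sloppy-mode code, so `with` is allowed even when the
  // calling file is strict. Lookup order, innermost first:
  // element, form owner, document, then globals.
  // `source` is a fixed string in this demo, like the attribute text on a page.
  const fn = new Function(
    'doc', 'formOwner', 'event',
    'with (doc) { with (formOwner) { with (this) { return (' + source + '); } } }'
  );
  return (event) => fn.call(element, doc, formOwner || {}, event);
}

// Constructed stand-ins for document, <form> and <textarea>.
const doc = { URL: 'https://example.test/form' };
const form = { action: '/submit' };
const textarea = {
  value: 'element value',
  select() { return 'element select() on ' + this.value; },
};

function demo() {
  const run = (src) => compileInlineHandler(src, textarea, form, doc)({ type: 'click' });
  return {
    select: run('select()'),        // element method shadows the global select()
    value: run('value'),            // element property shadows the global value
    action: run('action'),          // not on the element: found on the form owner
    url: run('URL'),                // not on element or form: found on the document
    track: run('track()'),          // found nowhere in the chain: falls back to the global
    eventType: run('event.type'),   // `event` is a parameter of the compiled handler
  };
}

console.log(demo());
```

The shadowing works in both directions: a property that a browser later adds to elements, forms or document can silently take precedence over a page's own global of the same name inside an inline handler.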

krinkle, to php

DuckDuckGo has opinions.

Time to upgrade your servers!

krinkle, (edited) to apple

Apparently the 🪙 coin emoji is associated in Siri Knowledge with Y Combinator.

Usually when stuff like this happens, it's because a redirect article exists in Wikipedia, or an alias label in Wikidata. But... not this time.

I wonder if it comes from another dataset, or an inside joke at Apple?

krinkle, (edited) to random

"When the pyramids were being built, there were still woolly mammoths."

Ah, another great mystery revealed about the pyramids. It was the mammoths all along! 🦣

via @jkottke

https://kottke.org/14/02/unlikely-simultaneous-historical-events

Learn more: https://en.wikipedia.org/wiki/Woolly_mammoth#Extinction

krinkle, to til

Apparently there's a cross-over between Magento and Twitter.

In 2011, when eBay acquired Magento (an open source e-commerce CMS), it was intended to become part of eBay's "X Commerce Group" at www.x.com. No doubt a domain eBay had inherited from the time where Musk was involved.

Today, that domain of course redirects to Twitter.com.

https://techcrunch.com/2011/06/23/ebay-acquired-magento-for-over-180-million-but-not-everyone-is-smiling/

https://en.wikipedia.org/wiki/Magento
