krinkle

bagder, 20 days ago to random

The thing about me being a BDFL for #curl is that it has the D in there. I have the means and ability to push for just about anything I like. I say that I truly try to be a benevolent dictator, but then I presume quite a few dictators would say so.

Next week I will tell you all about how I view this dictatorship and how it is not quite like a dictatorship of a country since in our case, everyone could just leave if I misbehave.

krinkle, 8 months ago (edited 8 months ago) to webdev

"Google Sites" now supports embedding images.

What you want: <img style="margin: 0 auto;">

What you get:

• ~100 HTML elements, including 57 unique CSS class names across 83 attributes, 30 hidden DIVs, 3 iframes, 2 external script tags, 2 inline script tags, and 1 actual <img> tag.
• the <img> is inside an iframe, nested 3 (!) levels of iframes deep.
• an image cut off in both X and Y directions.
• not one, but two unwanted scrollbars.

#enshittification #webperf #SemanticHTML #html5 #HTML

tdp_org, 15 days ago to infosec

On/around 27th May 2024, the traffic from Azerbaijan to www.bbc.com & www.bbc.co.uk reduced by over 80%.
Looking at our data, I can see that the vast majority of traffic in Azerbaijan comes from AS29049 (Delta Telecom) which is their majority ISP according to Wikipedia.
OONI says tests were passing as recently as 28th May from AS29049 but there's definitely something going on...Unsure exactly what.
(the gap in AS29049 is a GeoIP data migration)
#Azerbaijan #Censorship #InfoSec

Graph showing the daily total requests by Network AS. This shows a corresponsing drop, mainly on AS29049, Delta Telecom
OONI (ooni.org) data showing passing tests from AS29049 to www.bbc.com over the last month, all tests are passing but there are none since the 28th May

leaverou, 16 days ago to random

Doing some research on design systems / design tokens, especially around color.

What are some good open source color palettes?
So far I have: Open color, Open props, Tailwind, Material, Adobe Spectrum, GitHub Primer, Ant Design, IBM Design Language, Radix UI, Bootstrap.

Req: Need to have a page that lists all their colors (see examples).

Looking at color palettes primarily for UIs, not those designed exclusively for dataviz.

The Material color palette
Open Props

Greg, 20 days ago to random

Holy cow, the person sitting behind me at the coffee shop is on work calls (fine, I do it too) but they sound JUST LIKE those "here's what corporate speak sounds like when spoken by a millennial" videos.

krinkle, 8 months ago to webdev

Breakdown of GPU attack:

• Cross-origin iframe should be opaque (can't see fetch response, DOM, or draw to canvas).
• CSS filters on iframe to skew 1 pixel into 2000px black/white square.
• Draw complex SVGs (>16ms).
• Observe time between requestAnimationFrame calls.
• Repeat for 30 min.
• Deduce that render speed might imply the GPU saw similarity (think GZIP) between your SVG and the iframe pixel elsewhere onscreen.

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/

https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
#appsec #webdev #gpuzip

krinkle, 3 months ago to infosec

Cryptominer Leverages Free GitHub CI

It's kind of obvious, given:

• overpriced cloud server renting (GCP, AWS, ..),
• increasingly heavy software ("just run these docker containers!"),
• promise of free crypto "money".

People will use "Free" cloud hosting via Travis/GitHub/Circle and other CIs to run the most compute possible, triggered via random empty commits and such. This is the new normal.

https://sysdig.com/blog/massive-cryptomining-operation-github-actions/

#infosec #GitHubActions

krinkle, 10 months ago to random

May I have a USB-4 Version 2.0 Type-C cable? 🤷

Timeline:

• USB (v1, plug type A).
• USB 2 (invisible "it's faster now" release, type A).
• USB 3 or "the blue one" (v3, usually A, but type B plugs exist).
• USB4, USB-C, or Thunderbolt (type C only), the "hey we removed a space before the number in our advertising" release.
• "USB4 Version 2.0 over Type-C", or "we forgot our naming scheme, added fractions, and oh did we say it's faster?"

https://daringfireball.net/linked/2022/09/03/usb4-2-point-0
https://en.wikipedia.org/wiki/USB-C

#USB

krinkle, 7 months ago to retrogaming

How did Commander Keen do adaptive tiling, back in the 1980s? Explanation by Fabien Sanglard @fabinou:

https://fabiensanglard.net/ega/

Source code: https://github.com/keendreams/keen

#commanderkeen #RetroGaming

krinkle, 1 year ago to random

Pick a Wikipedia article, save it offline, open it.

For example, this featured article: https://w.wiki/3xBb

I believe we can do better, Chrome... 🥺

https://bugs.chromium.org/p/chromium/issues/detail?id=927948

(Screenshots: Firefox vs Chrome, two years ago vs today)

Screenshot taken today, in April 2023 (two years later). Firefox 112 still renders the page completely, with photos, layout, branding, and other styles in tact. Chrome 111 still renders the page with missing stylesheets and broken photos/images.

krinkle, 3 months ago to random

The shape of Happiness.

I can imagine theories for why someone's experience might follow this shape, and of course many people will have a very differently shaped life.

Yet, it surprises me to learn that there is a clear overall average, and that this is the shape of that average.

It sure doesn't inspire hope (speaking as an under-50), but then again it's important to know you're not doomed to this shape. You be you!

from https://www.washingtonpost.com/news/wonk/wp/2017/08/24/under-50-you-still-havent-hit-rock-bottom-happiness-wise/ via https://juliawise.net/raising-children-on-the-eve-of-ai/

#happiness

mattedgar, 19 days ago to random

Visiting a house...

dustinrue, 20 days ago to random

TIL you can absolutely use an external fan on a M1 MacBook Air to cool it and keep thermal throttling to a minimum. Janky? Yes but 99% of the time I am not working with video or anything so CPU intensive that it causes issues.

krinkle, 10 months ago (edited 10 months ago) to random

Scam Artist Argues Their Advice Could Work.

CNET ought to know better. Their idiotic attempt at SEO by en-mass 404'ing old articles was noticed by Google, which subtweeted with this TV ad-like PSA:

> Are you deleting content because you believe Google doesn’t like “old” content? That's not a thing!

But then, SEO experts double down and inform Gizmodo that "it’s an advanced practice that requires high levels of expertise"

Very advanced indeed.

https://daringfireball.net/linked/2023/08/10/cnet-dummies #cnet

krinkle, 3 months ago to infosec

Timo Longin @login introduces SMTP smuggling, a novel technique to spoof fully SPF-validated emails from various popular domains including @microsoft.com.

Wow. It's incredible nobody found this before. It's the first of its kind. Probably not the last...!

https://youtu.be/V8KPV96g1To

Related:
https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide
https://www.postfix.org/smtp-smuggling.html
https://www.malwarebytes.com/blog/news/2024/01/explained-smtp-smuggling

#SmtpSmuggling #37C3 #SMTP #vulnerability #infosec #TimoLongin #security

krinkle, 9 months ago to php

DuckDuckGo has opinions.

Time to upgrade your servers!

#PHP

vic, 17 days ago to Wikipedia

Woke up, had coffee & Italian sweets, kicked impostor syndrome in the 🎱 🎱
#Wikipedia #Editing wasn't ever on my bingo card, but here we are!
Any tips for rookie editors (that aren't in the official guidance)?

krinkle, 4 months ago to johnoliver

John Oliver's Last Week Tonight just made a 5min-long fake episode of Thomas the Tank Engine, featuring hilarious narration by Matt Berry! (Mr Reynolds, The IT Crowd, Channel 4)

https://youtu.be/AJ2keSJzYyY?si=L68irZnAmI6vhIbQ&t=1363

via https://eigenmagic.net/@vampiress/111860385530784941

#ITCrowd #MattBerry #LastWeekTonight #JohnOliver

krinkle, 5 months ago (edited 5 months ago) to Youtube

Basically, an Uzbekistan TV channel used part of a film by Blender Studio. Another artist also embedded part of that same film (both legal under CC license).

The TV company's rant-a-scam "copyright protection" agency semi-automatically reports the artist's video to YouTube as illegal copy of its TV content, despite holding no copyright to do so, and wins. The artist had to risk a channel strike to appeal - and still lost.

https://torrentfreak.com/company-hijacks-blenders-cc-by-licensed-film-youtube-strikes-user-221205/

#youtube #copyright #DMCA @torrentfreak

eslint, 13 days ago to random

@eslint/compat v1.0.3 has been released!

https://github.com/eslint/rewrite/releases/tag/vcompat-v1.0.3

krinkle, 9 months ago (edited 9 months ago) to apple

Apparently the 🪙 coin emoji, is associated in Siri Knowledge with Y Combinator.

Usually when stuff like this happens, it's because a redirect article exists in Wikipedia, or an alias label Wikidata. But... not this time.

I wonder if it comes from another dataset, or an inside joke at Apple?

#siri #apple #wikipedia #wikidata #ycombinator

krinkle, 1 month ago to random

@zachleat

I wonder if there's a better way to show page weight on leaderboards.

One thing could be to sync their Y-axis so that they're lines on the same base chart (instead of relative to own history only).

Another might be to then invert that axis with bottom the current largest and top the current-smallest. Or... maybe a singlestat number with current size of each and some kind of shared color range (no line/history until click).

Thoughts?

https://www.speedlify.dev/test-runners/

#speedlify #webperf

krinkle, 9 months ago (edited 9 months ago) to random

"When the pyramids were being built, there were still woolly mammoths."

Ah, another great mystery revealed about the pyramids. It was the mammoths all along! 🦣

via @jkottke

https://kottke.org/14/02/unlikely-simultaneous-historical-events

Learn more: https://en.wikipedia.org/wiki/Woolly_mammoth#Extinction

krinkle, 7 months ago (edited 7 months ago) to mediawiki

All major browsers rely on a dark secret: the quirks where native code or the UA stylesheet is varied based on which site you're on.

They're a hell to debug if you're ever caught in one, but they make for interesting stories!

Example:
https://neugierig.org/software/chromium/notes/2009/08/mediawiki-workaround.html

Fix for SVN deadlink:
https://static-codereview.wikimedia.org/MediaWiki/53141.html

Source code of doom:
https://github.com/WebKit/WebKit/blob/main/Source/WebCore/page/Quirks.cpp

History:
https://github.com/WebKit/WebKit/commits/main/Source/WebCore/page/Quirks.cpp

#WebHistory #webkit #chromium #KHTML #MediaWiki #webcompat

krinkle, 9 days ago to random

Interesting theory by Eric Portis @eeeps:

Why do LLMs receive high investments despite the current high-interest rates that usually restrict hypes? The companies doing the investing are essentially feeding themselves money independent of LLM profitability. Read the article to learn why/how.

Also, if you were wondering what all the shrimp news was about, read on as well 😅

https://ericportis.com/posts/2024/endless-shrimp-jesus/

#EndlessShrimp #ShrimpJesus