zerosleeps

I stumbled upon this (via this) and thought it was an interesting excerise, so here are mine:

• Mail Server: Fastmail
• Mail Client: Fastmail’s web interface, believe it or not. It’s very good. Or their own iOS app for mobile.
• Notes: Usually just Markdown files
• To-Do: Things
• iPhone Photo Shooting: Built-in Camera app
• Photo Management: Apple Photos
• Calendar: Fastmail
• Cloud File Storage: None. It’s just not a need I have.
• RSS: Feedbin
• Contacts: Fastmail, with CardDAV sync to my iPhone
• Browser: Firefox at home, usually Edge at work because of this
• Chat: iMessage, but everyone else wants to use WhatsApp. Gross.
• Bookmarks: Firefox
• Read It Later: Feedbin for things found via RSS, Things for everything else
• Word Processing: Nope
• Spreadsheets: Excel, very rarely at work
• Presentations: Absolutely nope
• Shopping Lists: Things
• Meal Planning: Nope
• Budgeting and Personal Finance: Banktivity
• News: Just feeds in Feedbin
• Music: Spotify
• Podcasts: Overcast
• Password Management: 1Password

Special shout out to Pastebot for clipboard management, and Sublime Text for almost everything else!

I don’t miss much from the UK, but after almost 15 years I still miss the BBC.

David Heinemeier Hansson on hey.com.

Yeah I think he’s spot on with this. Passkeys solve a problem, but I’m not sure they solve the correct problem. The technology is bulletproof - we’ve been using public/private keys for decades - and when implemented properly is unquestionably more secure at the bits-and-bytes layer. But the problem with passwords is almost always human, and passkeys don’t really solve that.

As pointed out by John Gruber at Daring Fireball, passkeys only work if you use some kind of password manager. In my case that means I can only use passkeys when I’m using my own Mac or my own iPhone, which is a pretty big hurdle in some cases. And if you’re the kind of person who already uses a password manager then there’s a good chance that - like me - all your accounts already have long, unique, high-entropy passwords.

I suspect this explains why most services I’ve enabled passkeys for leave the traditional username/password login path enabled, meaning my accounts are still vulnerable to that kind of attack, so… what’s the point of the passkey?

I want this as a poster!!

I though this suggestion to add an “open a random post” button sounded fun, so I’ve just added that feature to zerosleeps.com. You’ll find it in the navigation bar. A simple way for someone to get a feel for the nonsense that I’ve posted here over the years.

I didn’t want to generate a link to a random post every time the navigation bar is rendered. Instead, I wanted the random thingy to have it’s own URL, which in turn redirects the requestor to the absolute URL for a random post.

On top of that I didn’t want to do this using HTTP 302. Django’s RedirectView makes it easy to serve 302 responses, but the semantics of that status code didn’t feel quite right - it’s supposed to indicate “that the target resource resides temporarily under a different URI”.

HTTP 303 felt like a better fit to me: “the server is redirecting the user agent to a different resource … which is intended to provide an indirect response to the original request”. A subclass of HttpResponseRedirectBase made light work of that requirement.

After deployment I discovered that Safari (and only Safari as far as I can tell) was caching the 303 response: you could visit /random_post/ as many times as you wanted, but you’d always get the same page back within the same 180 second period. Fair enough I suppose: I’ve told my web server to add a Cache-Control header to anything generated by Django, so it’s not unreasonable for Safari to cache the response to the initial redirect in addition to caching the final page. It’s interesting that other browsers don’t do that though.