zerosleeps

Since 2010

Firefox bug 1750706 has been resolved

Hey look! That’s my bug!

The piece of software I’ve built my career around defaults to checking the HTTP Referer header with each request, and if it doesn’t get exactly the value it wants, it invalidates the session. Game over.

It’s infuriating: the header is optional and was never intended to be used for anything remotely related to session security. And yet, back when I logged this bug, I had to really fight with the software vendor to get them to disable this check. We found that a lot of mobile browsers don’t include the Referer header when reloading a page, and services like Microsoft’s Defender SmartScreen and Google’s Safe Browsing don’t include the header at all when doing their remote scans. Ad blockers often strip the header, privacy-conscious users might disable this header, browser plugins that intercept file downloads - like Adobe PDF plugins - don’t include the header. Heck, even duplicating browser tabs and opening browser developer tools was enough to trigger an abrupt logout.

It affected a lot of our customers - they simply couldn’t use our service. But the vendor stood firm on their belief that this behaviour enhanced the security of their product, and didn’t seem concerned that it meant hundreds of our customers couldn’t even use the product. We were never able to come up with an explanation we could give our customers that didn’t make us sound like idiots either.

Anyway, that’s the story behind the reason for me logging that Firefox bug.
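An added example, not code from this post or from the vendor's product: it replays constructed requests through a strict Referer check like the one described above and through an assumed alternative that treats the header as advisory. The origin `app.example.test`, the function names and the sample requests are all hypothetical.

```python
from urllib.parse import urlsplit

APP_ORIGIN = ("https", "app.example.test")  # hypothetical application origin

def referer_origin(headers):
    """Return (scheme, host) of the Referer header, or None when it is absent."""
    value = headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    return (parts.scheme.lower(), (parts.hostname or "").lower())

def strict_check(headers, session):
    """Behaviour described in the post: any unexpected Referer ends the session."""
    if referer_origin(headers) != APP_ORIGIN:
        session["valid"] = False
    return session["valid"]

def advisory_check(headers, session):
    """Assumed alternative: a missing header proves nothing, and a foreign
    one refuses only this request while the session is left alone."""
    origin = referer_origin(headers)
    if origin is None:
        return True
    return origin == APP_ORIGIN

# Constructed requests modelled on the cases listed in the post.
SAMPLES = [
    ("normal navigation", {"Referer": "https://app.example.test/inbox"}),
    ("mobile reload", {}),
    ("header stripped by ad blocker", {}),
    ("link from another site", {"Referer": "https://other.example.test/page"}),
]

def replay(check):
    """Run each sample against a fresh session.
    Returns {label: (request_allowed, session_still_valid)}."""
    results = {}
    for label, headers in SAMPLES:
        session = {"valid": True}
        allowed = check(headers, session)
        results[label] = (allowed, session["valid"])
    return results

if __name__ == "__main__":
    for name, check in (("strict", strict_check), ("advisory", advisory_check)):
        print(name, replay(check))
```

With the strict check, every request that arrives without the header costs a legitimate user their session; the advisory variant never touches session state.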

My iPhone Home Screen

Every once-in-a-while I’ll take a screenshot of my iPhone’s Home Screen (Apple capitalise it so I’ll do the same even though it’s stupid) and just leave it sitting in Photos. Why? Well because every time I edit my home screen to swap something out or replace a widget the whole fucking thing gets rearranged whether I like it or not. I am heavily reliant on muscle memory when stabbing at icons on my Home Screen but it’s a bit like typing - I know where the button I want should be, but if you asked me to draw the layout I would fail very badly.

So when I accidentally or otherwise rearrange my Home Screen, I refer to the last screenshot to put things back to where my brain thinks they should be.

Anyway, just for fun here’s my Home Screen right now:

Screenshot of iPhone Home Screen

I only have one page of icons: if I swipe to the right I end up in App Library. If I don’t use something regularly enough that it deserves a place on the home screen I’ll swipe down and search or use Siri Suggestions (which is surprisingly good at anticipating my needs) anyway, so maintaining other pages of icons would be a waste of time.

Dock

Is it called “Dock” on iOS? Anyway, the 4 things I reach for all the time: Messages, Fastmail, Safari, and Overcast.

Top row

Clock, because why not? I do actually use Clock when I need to see what time it is in Scotland, or the current time in UTC. Then Settings, Photos, and Camera. Camera is only really there because it’s been in that position since my first iPhone. See “muscle memory” above.

Second row

Phone, the fantastic TripView, Maps (Apple Maps is way better now than it used to be so I was happy to dump Google Maps a while ago), and WillyWeather. The last one uses data from our Bureau of Meteorology which is very accurate, compared with whatever-the-hell garbage is fed into Apple’s own Weather app.

Third row

Netflix, Macquarie, 1Password, then a folder with some “security” stuff in it: Macquarie’s Authenticator, Microsoft’s Authenticator, Duo Mobile (the last two are for work), and myGovID.

Fourth row

Genius Scan, WhatsApp, Spotify, and PCalc. I think Apple’s Notes now does the clever document scanning stuff that Genius Scan does, but Genius Scan also lets me edit, convert, and send files anywhere (e.g. to WebDAV services). I hate that I use WhatsApp as much as I do, but what’s the alternative when the people you need to contact only use it?

Fifth and sixth rows

A 2-icons-by-2-icons Things widget, then the Things icon itself. I friggin’ love Things. I paid a few bucks for it years ago and must have added tens of thousands of entries into their cloud-backed service for no additional cost ever since. I’d happily give these guys money on the regular! And to finish things off it’s Streaks, Callsheet, and Strong. I don’t think I’ll be keeping Callsheet around once my subscription expires.

Alaska Airlines flight 1282

A delightfully calm and professional insight from pilot Patrick Smith:

In decades past, multiple airline crashes were the norm every year, with hundreds of dead at a time. We’ve grown so accustomed to near-perfect safety that a minor event, without a single injury, wins as much attention in 2024 as a crash that killed two-hundred people would’ve gotten in the 1980s.

Reading log for 2023

As is tradition around here, my reading log review for 2023 is in. Continuing the downward trend I completed just 20 books last year, and abandoned an additional 3.

The average rating of the completed books was 3.3 out of 5. I didn’t discover any new 5-stars this year - the 4 books that I gave 5-stars to were all re-reads.

If I exclude re-reads, the average rating drops to 2.8. 3 stars is a “pass” in my rating system, so 😬

I’m really not good at discovering new authors/genres/whatever, and I’m convinced that’s what puts me off picking up the next book.

Non-fiction scores much higher than fiction, so maybe this year I’ll focus more on non-fiction and see if that helps. Having said that, I fully intend to start the year by re-reading some of my favourites - “The Martian”, “Project Hail Mary”, and maybe “To Obama”.