Keith Wagner

Notes

Here you'll find short blurbs about interesting articles or blogs from others I've read and wanted to note.

Code Isn’t Magical, It’s Just a Series of Commands

If you need to change a line of code, simply ask yourself two questions:

  • Where did I get the inputs?
  • Who relies on the outputs?

Answering these questions might not be simple; but, considering the code in this light removes the air of mystery and reduces the problem down to a set of quantifiable values.

Capability Makes Your Life Simpler

Capability makes your life simpler. Tolerance, skills, knowledge, and health are always with you, wherever you go. They are assets but they take up no space. They are stored in your body.

Some lack capability through no fault of their own, but anyone can increase their capability. It’s an investment that pays dividends every day.

An iPod and no recommendations are all I have wanted for my listening habits in 2024

I listen to my music and no calls can interrupt me. No notifications can interrupt me. No in-the-moment actions can pause my music. I can take an earbud out and there's no algorithm that pauses or unpauses my music. I can't ask Siri about a song.

This is calm.

I definitely understand where Tom is coming from. While there is definitely some awesomeness to AirPods and the like, there’s still something awesome about the old school iPod.

Misfire

This is why "give us your email address for 30% discount" popups and account signup forms are suddenly everywhere. Email addresses are stable, long-lived reidentifiers. Overt mechanisms like this are already replacing third-party cookies. Make no mistake: post-removal, tracking will continue for long as reidentification has perceived positive economic value. The only way to change that equation is legislation; anything else is a band-aid.

I’m kind of curious as to how much email aliases can help with this, and I don’t mean the ‘+’ in the email trick. I use FastMail for my email and can create truly unique emails for services I sign up for. Granted they all share the same domain, but they’re still different. It’s obviously not a panacea, but maybe something?

After the Rupture

Not to diminish the harm that can come from layoffs—they can absolutely be traumatic and devastating, and we desperately need better safety nets. But I also want to name the sense of relief and opportunity that often emerges after a big rupture, the generative combination of fuck it and what’s possible now? energy that leads people in directions they had long considered impractical but which now seem ripe for exploration. I see this experience a bit like what happens after an intense fire burns a stretch of forest down to ash: seeds that were dormant and waiting for just that moment suddenly germinate and stretch up to the clear, bright sun.

A secret I share about these transitions is that big changes only make sense in hindsight. Some day, years from now most likely, you’ll look back and tell a beautiful story of getting laid off or fired or whathaveyou, and how from that dark and terrible moment came a new beginning. But when you are in the thick of it, when you don’t yet have the gift of a rearview mirror, it won’t feel anything like providence. You’ll feel like you’re flailing about and you’ll want to scream or cry or both at the same time. Your boots will stick in the mud and your ropes will fray and you’ll lose your flint on the coldest night. It will be chaos. But it was chaos that birthed the universe. It is from chaos that many great stories begin. You’ll tell yours in time. First, you have to live it.

Just a thought about tough times...

Some thoughts on the YubiKey EUCLEAK Vulnerability

It looks like everyone's favourite FIDO token provider might have an unpatchable vulnerability! Much Sturm und Drang from the usual sources. But how bad is it really? Not so bad - but it does expose some weaknesses in the very idea of having physical tokens.

It also looks like the attacker will need:

  • Physical access to key
  • Username & password tied to account protected by key
  • $11,000 worth of equipment

So yes, it doesn’t seem to be an “easy” attack, but geez…it’s always something.

Cars Are Rolling Computers Now. So What Happens When They Stop Getting Updates?

Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them.

That might not cut it in the auto world, where the average age of cars on US roads is only going up. A recent report found that cars and trucks just reached a new record average age of 12.6 years, up two months from 2023. That means the car software hitting the road today needs to work—and maybe even improve—beyond 2036. The average length of smartphone ownership is just 2.8 years.

It’s not something that you might think about, but with all the technology in cars, how long will the tech be supported? Cars can last a long time if well maintained. Tech seems to be somewhat expendable.

My Honda Civic is now 10 years old and I don’t plan on getting rid of it anytime soon. The only “tech” I have in my car is the standard entertainment system, but newer cars have a whole lot more between cellular connectivity and much more.

Is it all going to be maintained and supported? Are security updates going to continue for the life of the car? What will GM, Ford, Honda and others consider the “life of the car”?

A Rant about Front-end Development

Chances are, the things you don’t like about CSS are the things you haven’t bothered to understand about it.

I will say, I did have gripes with CSS early in my career. The more I’ve used it though, the more I’ve grown to understand it. It can take some time to wrap your head around it. Dismissing it out of hand is not the answer.

My brothers and sisters in Christ I want you to know that I care about your souls enough to share these truths with you:

  • You don’t need JavaScript to make a web page.
  • You don’t need JavaScript to write styles.
  • You don’t need JavaScript to make an animation
  • You don’t need JavaScript just to show content.

I take pride in that my site limits its use of JavaScript. JS certainly has its place and I do use it, but boy do some developers rely on it for tasks that just don’t need it.

You don’t need a framework to render static content to the end user. Stop creating complex solutions to simple problems

Amen.

Every Dependency is a Potential Vulnerability

Every piece of code is a potential vulnerability, really. Not just dependencies.

But code that you don’t own, that’s outside your control, is particularly vulnerable.

One of the big myths of using frameworks and libraries and cloud services is that you no longer have the “own” that piece of the code. You’re benefiting from someone else having already solved it.

We deal with this a lot at my job and I think it's important to take note of. We thankfully have dependency checkers to catch known vulnerabilities in the packages we reference so issues are hopefully caught and identified sooner rather than later. But the fact remains that we can be at the mercy of the frameworks and libraries to fix them.

Third party developers could abandon their libraries or they only fix it in a version that has breaking changes compared with the version you're using. Either way, it means that you're now in a bind with your website or app.

This is not to say don't use third party libraries or frameworks. Most developers are fantastic and are legitimately doing their best to write good software. But it should cause you to do at least two things. First, be mindful of what dependencies you use. Second, do what you can to make sure you, and/or your company support the open source developers who make the tools you use.

Some Economic Ranting Regarding Trump

I try not to delve too much into politics here, but I heard this and thought it matters.

Here’s what she says in this tweet yesterday: “Trump brought up the idea” to that GOP meeting of “‘an all tariff policy’ that would lead to getting rid of the income tax, per sources in the room.” So, this. This frustrates me so deeply. Number one, because it’s just idiotic and economically illiterate, which I’ll explain in a moment. But number two, it is an example of the, I don’t want to say chasing our tails, but the knocking down of idiocy that the economic and financial media is going to have to do if the former president wins because facts matter. So, super quickly. I looked up these numbers. We generate $2.2 trillion in revenue from the income tax every single year. We import about $3.8 trillion worth of stuff into this economy every single year. So, in order to get $2.2 trillion to replace the income tax from a tariff on $3.8 trillion worth of income, you’d have to have a tariff of nearly 60% across the board, just to start, right? But what happens when you tax things? That is to say when you put tariffs on them, because tariffs aren’t taxed on imported goods that consumers pay so. When you tax things, people buy less of them, so our imports will go down, but we’ll have to still make that $2.2 trillion nut. So, our tariff rates are going to have to increase. As the tariff rates increase, the amount of stuff we’re going to buy is going to go down because when you tax stuff more, the amount of stuff you buy that is taxed goes down. And so on and so forth, until you get to a tariff rate of infinity. It’s just stupid. I can’t tell you how annoying this is to me, that we’re going to have to chase our tails on idiotic stuff like this because it’s being bandied about by a guy who, this isn’t me, this is Janet Yellen, does not understand the economy. It just. I can’t tell you how absolutely fried my brain gets when I think about this. That’s it. That’s all I’ve got.

I can’t add any more to Kai Ryssdal’s rant here. In the lead up to the election this November, do your best to stay informed.

IndieWeb Principles

I love this. Ever since the death of X/Twitter I’ve been much more focused on making sure that I control the data and content I post that means the most to me.

Own your data. Your content, your metadata, your identity.

Use and publish visible data. For humans first, machines second.

Above all, have fun. When the web took off in the 90’s people began designing personal sites with tools such as GeoCities. These spaces had Java applets, garish green background and seventeen animated GIFs. It may have been ugly and badly coded but it was fun. Keep the web weird and interesting.

Emojis as a Common Language

It’s like and, but we have developed a whole language around what these symbols mean, right? Over the course of decades. And so, if we don’t use them anymore, and everything is AI generated. If we AI generate emojis, you know, we’re not going to have a common language around them anymore. So, I wonder how many people just, kind of, default to the old emojis will just still just because they maybe understand what they mean.

Kimberly Adams isn’t wrong. People have taken emojis and integrated them into language. In some cases the emoji doesn’t equate to its actual meaning. It’s going to be interesting if that starts to fade with some of this or if it will stick around.

The Analog Web

People create these sites simply so that they exist. They are not fed to an algorithm, or informed by any trends. It is quieter and slower, meant to tether us to a more mechanical framework of the web.

This is the analog web.

I’ve mentioned it many times, but the personal site renaissance is one of my favorite things. I know they’ve existed looooong before Twitter. I go through my RSS feeds and it just feels nicer, calmer. I hope I can help contribute to it.

Edit 6/9/2024: Fixed a typo. Thanks Andrew!

Interdisciplinary Website Maker

But now-a-days, any cross-disciplinary interest is easily interpreted as a lack of specialization and dedication to craft. If you’re doing design and code, how can you be really great at either? You’re not maximizing.

I don’t think there’s anything wrong with specializing, I also don’t think there’s anything wrong with becoming a jack-of-all-trades.

Designers versus coders aside, I find it odd sometimes when people think that front end developers know no backend and vice versa. We all might be better in one area than another, but I feel like we can all contribute.

Half-Ass It

So here’s a small piece of advice, from one reformed overachiever to another (future) one: half-ass it. Pick a task, something small to start, and do it carelessly. Do half (or less) of what you would ordinarily do. Then see what happens. Consider it an experiment in which your intention is to learn, whatever the outcome. I’m betting your half-assed version is better than most people’s whole ass, but you can test that assertion yourself.

All too often people (including myself) say we’re going to do something, learn something, and then never actually do it. Doing something sloppy to learn something is often more than others do.

Don’t be afraid to admit when you don’t know something

I’ve been asked when interviewing for a front end ecommerce position how the Javascript event loop works — in detail. I told the interviewer I didn’t know, had never needed to in previous positions but was confident I could figure it out. They hired me. I’ve taken a similar tack when discussing other roles with interviewers — I don’t know, but I like to learn and I’ll figure it out. Don’t know enough React? I’ll learn. Don’t know bespoke framework/internal tool X? I’ll learn.

This is the correct mindset. Don’t try to BS through answers, people will figure it out. Learn the fundamentals and picking up new frameworks and libraries will be doable.

Start with Simple Tools

You don’t need fancy software to write. You also don’t need a £1k+ camera to take photos, the latest console to play video games, or a certificate to learn something.

I’ve seen artists use Microsoft Paint to create amazing pictures. It goes to show you don’t need fancy tools to do great things. If you’re trying something new, start with the basics and go from there.

Josh Collinsworth on CSS Gatekeeping

The question of whether CSS is a programming language serves only one purpose: to demote those who write it.

There is no confusion that needs to be clarified, and no other purpose in asking, beyond the most trivial kind of pedantry.

The debate itself is an act of gatekeeping, whether intentional or not. Its only significant effect is to elevate some work over other work, despite their essentially identical nature.

The only meaningful function of the question is segregation.

I really don’t get the whole “CSS isn’t a programming language” crowd. I see what other developers can do with CSS and am amazed. It’s something I’ve been consistently trying to improve on. The gatekeeping stuff is just BS.

Why the Short-Lived Calvin and Hobbes Is Still One of the Most Beloved & Influential Comic Strips

It took no time at all to master Garfield, but when I started getting Calvin and Hobbes, I knew I was making progress; even when I didn’t understand the words, I could still marvel at the sheer exuberance and detail of the art.

I still read Calvin & Hobbes and I’m amazed at how much more I still get out of the strips. Bits and pieces of humor, insights into life, and more still permeate the strips.

The align-content property for block layouts is now part of Baseline

There was always the running joke with how to center content. Then it became easier with CSS grid and flexbox. Now you don’t even need that.

With align-content available for block layout, you can achieve vertical alignment without needing to create a flex or grid layout for the property to work. No additional properties are needed as the item remains a block item, the only change is to the alignment.

Older Notes →