
Notes

Let's Bring Back Browsing

The journey towards information is important. Humans retain information better when they had to put effort in to get it. Aimlessly browsing to find things you may not have heard of yet is as important as discovery is exciting.

I love getting lost on Wikipedia, going from one weird fact to another.

I used to love that on YouTube before everyone and their pet wanted to become an influencer and follow formulaic and manipulative patterns to create their content.

I remember first getting the internet at home in the mid-1990s and aimlessly browsing different sites on a super slow dialup connection. I’ve continued to do that of late, checking out the various blogs of the developer communities I follow on Mastodon and Bluesky. The web needs more of this.


Can You Live Without GPS?

It’s a scary thought that with some of the escalating conflict in the world, the GPS system we and the economy as a whole rely upon is vulnerable and a backup is unavailable.

And because of course Congress is Congress, here’s an excerpt from the podcast.

GOWARD: Russia and China both have terrestrial systems that can give them GPS-like information in the event that signals from space are not available. Unfortunately, in the U.S., we shut ours off in 2010, and we have no sign of starting up something like that again.

WONG: Before GPS, the United States had a system called LORAN. That's an acronym for Long Range Navigation. It was a relic of World War II - a couple dozen 700-foot ground towers spread across the country that transmitted powerful radio signals - not as accurate as GPS, but it got the job done. In 2004, the Bush administration not only wanted to keep LORAN as a backup to GPS. It wanted to upgrade it to make it more precise.

GOWARD: The money for that was taken away in the various budget processes, and the old system was shut down without new replacement.

HEGYI: That shutdown happened during the Obama administration. They had a completely different view than the Bush administration and called LORAN obsolete in the era of satellite navigation. But then, a few years later, they said, oops, our bad.

GOWARD: We shouldn't have shut down that old system. We should have upgraded. We're going to do that. But again, nothing happened.

WONG: So in 2018, Congress passed a law requiring the Department of Transportation to build a backup to GPS by the year 2020, but then they didn't appropriate enough cash to do that.

Sigh...


The Hidden Cost of Speed

Months later, marketing and management requests have continued non-stop and (of course) you’ve had no time to lace everything up. You think back to that fateful decision to implement a quick fix, not anticipating that the organization would utilize it on a daily basis, requiring constant updates for every unique sales avenue. In your haste, you built a system that is functionally not operable within the rest of the ecosystem—and you are now subject to that decision. As the requests take longer and longer to work, questions start to arise: “Is our developer losing his touch? Why is this taking so long when it used to take minutes?”

I feel this on a deep spiritual level. All too often we are asked to get features out the door as soon as possible to meet an immediate business need and are not always given the time later to clean the code up to make the system better.

Tech debt is real, and eventually comes for us all.


Code Isn’t Magical, It’s Just a Series of Commands

If you need to change a line of code, simply ask yourself two questions:

  • Where did I get the inputs?
  • Who relies on the outputs?

Answering these questions might not be simple; but, considering the code in this light removes the air of mystery and reduces the problem down to a set of quantifiable values.


Capability Makes Your Life Simpler

Capability makes your life simpler. Tolerance, skills, knowledge, and health are always with you, wherever you go. They are assets but they take up no space. They are stored in your body.

Some lack capability through no fault of their own, but anyone can increase their capability. It’s an investment that pays dividends every day.


An iPod and no recommendations are all I have wanted for my listening habits in 2024

I listen to my music and no calls can interrupt me. No notifications can interrupt me. No in-the-moment actions can pause my music. I can take an earbud out and there's no algorithm that pauses or unpauses my music. I can't ask Siri about a song.

This is calm.

I definitely understand where Tom is coming from. While there is definitely some awesomeness to AirPods and the like, there’s still something awesome about the old school iPod.


Misfire

This is why "give us your email address for 30% discount" popups and account signup forms are suddenly everywhere. Email addresses are stable, long-lived reidentifiers. Overt mechanisms like this are already replacing third-party cookies. Make no mistake: post-removal, tracking will continue for as long as reidentification has perceived positive economic value. The only way to change that equation is legislation; anything else is a band-aid.

I’m kind of curious as to how much email aliases can help with this, and I don’t mean the ‘+’ in the email trick. I use FastMail for my email and can create truly unique emails for services I sign up for. Granted they all share the same domain, but they’re still different. It’s obviously not a panacea, but maybe something?


After the Rupture

Not to diminish the harm that can come from layoffs—they can absolutely be traumatic and devastating, and we desperately need better safety nets. But I also want to name the sense of relief and opportunity that often emerges after a big rupture, the generative combination of fuck it and what’s possible now? energy that leads people in directions they had long considered impractical but which now seem ripe for exploration. I see this experience a bit like what happens after an intense fire burns a stretch of forest down to ash: seeds that were dormant and waiting for just that moment suddenly germinate and stretch up to the clear, bright sun.

A secret I share about these transitions is that big changes only make sense in hindsight. Some day, years from now most likely, you’ll look back and tell a beautiful story of getting laid off or fired or whathaveyou, and how from that dark and terrible moment came a new beginning. But when you are in the thick of it, when you don’t yet have the gift of a rearview mirror, it won’t feel anything like providence. You’ll feel like you’re flailing about and you’ll want to scream or cry or both at the same time. Your boots will stick in the mud and your ropes will fray and you’ll lose your flint on the coldest night. It will be chaos. But it was chaos that birthed the universe. It is from chaos that many great stories begin. You’ll tell yours in time. First, you have to live it.

Just a thought about tough times...


Some thoughts on the YubiKey EUCLEAK Vulnerability

It looks like everyone's favourite FIDO token provider might have an unpatchable vulnerability! Much Sturm und Drang from the usual sources. But how bad is it really? Not so bad - but it does expose some weaknesses in the very idea of having physical tokens.

It also looks like the attacker will need:

  • Physical access to key
  • Username & password tied to account protected by key
  • $11,000 worth of equipment

So yes, it doesn’t seem to be an “easy” attack, but geez…it’s always something.


Cars Are Rolling Computers Now. So What Happens When They Stop Getting Updates?

Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them.

That might not cut it in the auto world, where the average age of cars on US roads is only going up. A recent report found that cars and trucks just reached a new record average age of 12.6 years, up two months from 2023. That means the car software hitting the road today needs to work—and maybe even improve—beyond 2036. The average length of smartphone ownership is just 2.8 years.

It’s not something that you might think about, but with all the technology in cars, how long will the tech be supported? Cars can last a long time if well maintained. Tech seems to be somewhat expendable.

My Honda Civic is now 10 years old and I don’t plan on getting rid of it anytime soon. The only “tech” I have in my car is the standard entertainment system, but newer cars have a whole lot more between cellular connectivity and much more.

Is it all going to be maintained and supported? Are security updates going to continue for the life of the car? What will GM, Ford, Honda and others consider the “life of the car”?


A Rant about Front-end Development

Chances are, the things you don’t like about CSS are the things you haven’t bothered to understand about it.

I will say, I did have gripes with CSS early in my career. The more I’ve used it though, the more I’ve grown to understand it. It can take some time to wrap your head around it. Dismissing it out of hand is not the answer.

My brothers and sisters in Christ I want you to know that I care about your souls enough to share these truths with you:

  • You don’t need JavaScript to make a web page.
  • You don’t need JavaScript to write styles.
  • You don’t need JavaScript to make an animation.
  • You don’t need JavaScript just to show content.

I take pride in that my site limits its use of JavaScript. JS certainly has its place and I do use it, but boy do some developers rely on it for tasks that just don’t need it.

You don’t need a framework to render static content to the end user. Stop creating complex solutions to simple problems.

Amen.


Every Dependency is a Potential Vulnerability

Every piece of code is a potential vulnerability, really. Not just dependencies.

But code that you don’t own, that’s outside your control, is particularly vulnerable.

One of the big myths of using frameworks and libraries and cloud services is that you no longer have to “own” that piece of the code. You’re benefiting from someone else having already solved it.

We deal with this a lot at my job and I think it's important to take note of. We thankfully have dependency checkers to catch known vulnerabilities in the packages we reference so issues are hopefully caught and identified sooner rather than later. But the fact remains that we can be at the mercy of the frameworks and libraries to fix them.

Third-party developers could abandon their libraries, or they might only fix an issue in a version that has breaking changes compared with the version you're using. Either way, it means that you're now in a bind with your website or app.

This is not to say don't use third-party libraries or frameworks. Most developers are fantastic and are legitimately doing their best to write good software. But it should cause you to do at least two things. First, be mindful of what dependencies you use. Second, do what you can to make sure you and/or your company support the open source developers who make the tools you use.
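To make the "in a bind" cases concrete, here is an added example (not code from the quoted article or from any real dependency checker) that sorts findings into the three situations described above: a fix you can take without breaking changes, a fix that only exists across a breaking version boundary, and no fix at all. The report shape, package names and versions are constructed for illustration.

```javascript
// Constructed sample findings; the shape is hypothetical, not a real scanner's output.
const findings = [
  { pkg: "tpl-render", installed: "2.4.1", patched: ["2.4.7", "3.0.2"] },
  { pkg: "img-resize", installed: "1.9.0", patched: ["2.1.0"] },
  { pkg: "old-router", installed: "0.3.5", patched: ["0.4.0"] },
  { pkg: "left-behind", installed: "4.2.0", patched: [] }, // abandoned upstream
];

// Parse a plain x.y.z version (pre-release tags are out of scope here).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Semver compatibility line: the major number for >= 1.0.0; for 0.x
// releases a minor bump may break, so the line is "0.<minor>".
function compatLine(v) {
  const [major, minor] = parse(v);
  return major > 0 ? `${major}` : `0.${minor}`;
}

function triage({ pkg, installed, patched }) {
  const newer = patched.filter((p) => compare(p, installed) > 0).sort(compare);
  if (newer.length === 0) return { pkg, status: "no-fix", target: null };
  // Prefer the lowest patched release on the line we already run.
  const safe = newer.find((p) => compatLine(p) === compatLine(installed));
  return safe
    ? { pkg, status: "compatible-fix", target: safe }
    : { pkg, status: "breaking-upgrade", target: newer[0] };
}

function triageAll(list) {
  return list.map(triage);
}

console.table(triageAll(findings));
```

The "breaking-upgrade" and "no-fix" rows are the ones that need a plan (migration work, a fork, or a replacement) rather than a version bump.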

