The HTTP Sky Is Falling, Says Chicken Little

Dave's explanation is just absolutely wrong, and he has to know this, he's lying to frighten you away from security; I don't know why. Google's not planning censorship, just a warning being provided that a site taking your personal information is not secure.

Will this break plain HTTP sites?
No. HTTP sites will continue to work; we currently have no plans to block them in Chrome. All that will change is the security indicator(s).
Chromium: Marking HTTP as Non-Secure

Even if Google Don't Be Evil was Evil, you could still use Free-as-in-Drugs Firefox or whatever, and can just use curl to archive sites, or even by hand:

% telnet example.com 80
GET / HTTP/1.1
Host: example.com
(hit return twice, ctrl-D to end)

But you shouldn't be trusting anything you see or entering anything on an HTTP page.

If you connect to a site over HTTP and you do not fully control the wires from your computer to the server, that site can be spoofed and spied on. If you use public wifi to talk to HTTP, your logins and credit cards WILL be stolen. Guaranteed, some jackass in your Starbucks is wiresharking your connection.

Even if you think you have a secure connection, anyone on the routers between you and the server can read your connection. Routers are not secure, they have been routinely compromised.

The only protection you have against these "Man in the Middle" attacks is TLS (successor to SSL), using HTTPS instead of HTTP, SSH instead of telnet, SFTP instead of FTP, emailing with MIME and SMTP over TLS instead of unsecured ports, iMessage or Signal instead of IRC or Twitter & Facebook "direct messages" (which have never been hidden from their staff).

In the early days of the ARPAnet and Internet, there was no security and we couldn't do much about it, but to resist warning people about insecure sites now is irresponsible.
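To make the warning condition concrete, here is an added example (not Chrome's code and not part of the original post) that flags forms whose password or card fields would travel over plain HTTP, including the case of an HTTPS page that submits to an HTTP action. The function name `findInsecureForms` and both sample pages are constructed for illustration.

```javascript
// Constructed sample pages (not from any real site).
const SAMPLE_LOGIN = `
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pw">
</form>`;
const SAMPLE_MIXED = `
<form action="http://pay.example.com/charge" method="post">
  <input name="card" autocomplete="cc-number">
</form>
<form action="/search"><input type="search" name="q"></form>`;

// Inputs that carry credentials or card data.
const SENSITIVE = /type\s*=\s*["']?password|autocomplete\s*=\s*["']?cc-/i;

// Return one finding per form that would send sensitive fields in cleartext.
// Regex scanning is a simplification; a real audit would use an HTML parser.
function findInsecureForms(pageUrl, html) {
  const findings = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  for (const [, attrs, body] of html.matchAll(formRe)) {
    if (!SENSITIVE.test(body)) continue; // no sensitive fields in this form
    const m = /action\s*=\s*["']([^"']*)["']/i.exec(attrs);
    // A missing or relative action resolves against the page URL.
    const target = new URL(m ? m[1] : "", pageUrl);
    const reasons = [];
    if (new URL(pageUrl).protocol === "http:") reasons.push("page served over HTTP");
    if (target.protocol === "http:") reasons.push("form submits over HTTP");
    if (reasons.length) findings.push({ action: target.href, reasons });
  }
  return findings;
}

console.log(findInsecureForms("http://example.com/", SAMPLE_LOGIN));
console.log(findInsecureForms("https://shop.example.com/cart", SAMPLE_MIXED));
```

The second call shows why checking only the address bar is not enough: the page itself is HTTPS, but the card number would still be posted in the clear.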

Deadpool 2

I don't bother to see Star Wars or anything else opening night in theatres anymore, just Deadpool, Guardians, and Tarantino if he ever releases again.

SPOILERS? Not really but I'm gonna talk about themes which you should've seen coming.

PRO:

  • Mr Pool saves the Marvel Universe by undoing all MCU movies from Avengers Colon Civil War and X-Men Colon Apocalypse on. Pity it's not canon, right?
  • Domino is cute AND effective.
  • X-Force 1.0 "because someone couldn't draw feet!" is hilarious.
  • Fight scenes are creative and fun, just like the first.
  • Broader but not as iconic musical selections as the first movie.

CON:

  • Women in Refrigerators score: 3! If you know a Hollywood writer, kill their girlfriends/spouses/any female relation to motivate them to more creatively deal with female characters.
  • Drink every time they say "faaaamily" and you'll be 99% alcohol by volume. I hate all this family shit and I blame the corpse of Paul Walker. I'd kill him again if it'd stop this "find your family" Gen-Whine shit. I also blame the rise of step-sibling/parent porn on Gen-Whine's family fetish (literally).
  • Long stretches of unfunny dramatic shit, calling someone's name instead of making an argument (I refer to this as Heathcliff/Catherine syndrome).
  • Obvious solution to kid's problem is obvious but no, then you'd be just like bad guy.

★★★½☆, it's not a great movie like the original, but sequels rarely are.

Engineering has determined that your bug report is a duplicate of another issue and will be closed

Filed a Radar (bug report) about Safari on Feb 28. They respond with the stock request for a sysdiagnose report. 10 weeks later, Apple sends the stock response that it's a dupe.

Apparently this mechanical conversation is under NDA, but I'll risk their wrath by saying I ended my bug report with:

Hi, Radar, it's been a long time since we talked, and it wasn't great last time, but I'm giving you another chance. Does anyone at Apple actually use Safari like real people use Safari, with multiple windows full of tabs? Maybe there's nobody left on the Mac/Safari teams, and I'm talking to the ether here.

The entirely automated responses don't disabuse me of this notion. Everyone in Apple may be WestWorld-style robot duplicates by now, for all I know.

Almost every other big company has a public bug-tracker; sometimes under NDA, sometimes "fuck it, we're doing it live!". I don't see how this wall of fear and ignorance Apple uses helps anyone; every Android sweatshop just copies the superficial elements of iPhones; Chrome is an awful, unusable pile of shit good only for playing Flash, but Google already copied and forked the open-source WebKit engine, there's no secrecy to be had!

Sword Art Online: Integral Factor

I hadn't realized this got released already! Why didn't you tell me?

A few hours in, I'm just about to start doing the dungeon floors at Level 10. I'm going for spears, but may have to respec for swords if I don't get more skill cards; I think it's lame to "reroll" a character for better starting loot, you take what you get.

Naturally, I named my NPC partner Black Rose, but she's toting a 2-handed axe since there's no 2-handed swords. Need to customize her appearance if I can.

If you want to send me a friend request, I'm ID 635575026.

Learn 2 JS

Almost the simplest possible tool for coding in Javascript, slightly above Hello, World!, I packaged up how I did my Advent of Code 2017 entries (up to the point I quit for lack of time/sleep). I start with something like this in every JS project, and now you can have it.

  • Setup

Download learn2js

Unzip it to Documents (or wherever you like).

Open Terminal on a Mac; or xterm on Linux; or I have no idea what the terminal/shell situation is on Windows, feel free to enlighten me.

% cd Documents/learn2js
% ls
run.sh  src
% ./run.sh
Serving HTTP on 127.0.0.1 port 8000 (http://127.0.0.1:8000/) ...

This requires Python 3 on your system to use as a simple web server, since a browser can't open multiple local files without a web server, but there's no other Python in this.

Right-click that URL (the part in parentheses!) and open it in your browser, or copy-paste it, and you should see a simple page with an Input: box. Anything you type is uppercased, that means it's working!

  • Coding

Now edit src/main.js with your editor of choice, like BBEdit on a Mac; or Atom anywhere. Please don't use Notepad on Windows, even if it handles correct line endings now.

Should be pretty self-explanatory, the TODOs tell you where to start.

Anytime you make a change to the source, just reload the page and hit Run again. Just like hacking on BASIC code back in 1980, dudes & dudettes!

  • Exercises for the Student:
    • I didn't make a favicon for this, and you should, which will introduce you to the horrible world of W3C/WhatWG specifications.
    • You might want to move inputTable below the output div in index.html, but then it scrolls down all the time, so now you need to anchor it at the bottom and make output fixed in place and scrollable, as I do in Mainmenu… I may add that option later, but it complicates a very simple page.
    • I didn't set up eslint for this, configuring it is somewhat annoying; probably will next time I update it.
    • Setting up Node is even more of an advanced topic, and 90% of the interesting work is in front end JS like this.
  • Troubleshooting: If a change isn't appearing, you may need to empty your web cache: In Safari, turn on Develop menu from Preferences>Advanced, then Develop>Empty Caches; in Chrome, Chrome>Clear Browsing Data and then only select "Cached images and files"; I have no idea what you do in Edge on Windows. I can't easily fix that, and users would never see it, but you will.
  • License: I put all the code under BSD license, the documents under Creative Commons Share-Alike. You can keep your code more or less private (except in practice, you have to let everyone see your page to let it load!), but if you make changes, share them and link back to me. Don't be a Stallman. Note in particular, you cannot relicense this under a restrictive license like GPL, and don't just put it on github unmodified. Sorry to have to preach about this, but some people need to be told where the lines are.
  • Shipping: To let others see your masterpiece, just change DEBUG to false, upload everything in src somewhere, your own site or something like Neocities, and you're done! You only need run.sh & Python on your local system.

Eloquent Javascript

A free, up to date, possibly good book on JS programming? Flipping thru, a few things pop out at me.

This is a petty pet peeve, but I greatly dislike that he writes arrow functions without parens:

n => { return n * n; } instead of (n)=>{ return n * n; }

When they are required for multiple arguments: (x, y)=>{ return x * y; }

On first appearance, he dismisses arrow functions as just being shorter than function expressions, which is incorrect (arrows fix the 'this' reference which is never correct in function expressions). But then he consistently uses arrow functions (in his ugly parens-elided style), so crisis averted?
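The difference in `this` handling, as an added example (not from the book or from learn2js): the same callback written as a function expression, as an arrow, and as a bound function expression. The `Scaler` class and `attempt` helper are hypothetical names made up for this illustration.

```javascript
class Scaler {
  constructor(factor) { this.factor = factor; }

  // Function expression callback: `this` is chosen by the caller (map), not
  // by where the function was written. Class bodies are strict mode, so
  // `this` is undefined here and reading this.factor throws.
  withFunction(values) {
    return values.map(function (n) { return n * this.factor; });
  }

  // Arrow callback: `this` is taken from the enclosing method call.
  withArrow(values) {
    return values.map((n) => { return n * this.factor; });
  }

  // The pre-arrow workaround: bind the function expression explicitly.
  withBind(values) {
    return values.map(function (n) { return n * this.factor; }.bind(this));
  }
}

// Return the result or the error name, so the difference is visible as data.
function attempt(fn) {
  try { return fn(); } catch (err) { return err.name; }
}

const s = new Scaler(3);
console.log(attempt(() => s.withFunction([1, 2]))); // error name
console.log(attempt(() => s.withArrow([1, 2])));    // scaled array
console.log(attempt(() => s.withBind([1, 2])));     // scaled array
```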

"Every now and then, usually between eight and ten in the evening, Jacques finds himself transforming into a small furry rodent with a bushy tail."

Which example then leads into a statistical analysis story, and the kind of data hackery that JS (and Python) are very good for.

The robot delivery example is another fairly detailed story with pathfinding, tho his algorithm is defective (it fails and/or consumes all memory forever on more complex graphs than the very simple one given).

I'll have a look at the rest of the book later.

None of the examples thus far actually build and run in a web page, or any sort of UI, except in the online document. You can copy-paste these examples into Safari's console and run them. I really don't think it's useful to learn a language outside the context of a running environment, so next post I'll give you one.

Coffee ☕️

Good morning, it is time for:

  • Coffee
  • Coffee Ipsum
    "Mazagran rich mazagran aged dripper, coffee variety at aged extraction a roast. Ut single shot espresso, coffee blue mountain organic crema shop. Macchiato, arabica americano turkish aftertaste single shot dripper. Frappuccino, white macchiato single origin carajillo, filter turkish cultivar et sugar. Single shot, that blue mountain ristretto at, wings viennese trifecta strong instant roast."
  • Black Blood of the Earth: I should try this. Or I should definitely NOT. I should try this.
  • 100 Cups of Coffee