tommorris.org

Discussing software, the web, politics, sexuality and the unending supply of human stupidity.


I still don’t understand the point of smart watches. Pretty much the best thing about the rise of the mobile phone is the guarantee of me never having to buy or wear another watch ever.

I have enough things that endlessly chirp at me about email that I don’t want to physically strap another email notifier onto my arm.

Also, if I wanted a bloody watch, I’d buy one with a longer battery life than a smartphone.


The Cult of Sharing is a very interesting article on “sharing economy” companies, how marketers are using the techniques of cults to get consumers to buy into the idea that brands provide counter-cultural meaning, and how progressive talk about “community” and “sharing” are being exploited to push a radical libertarian capitalist agenda.




Camels with Hammers has an interesting post a month or so back about labels—especially ‘gay’, ‘trans’ and ‘cis’. I’ve never understood people who get very angry about the very concept of labelling.

They say things like “oh, we shouldn’t need to categorise ourselves, we should just be beyond labels”. Which is fine, except that labels serve a real-world purpose. All this postmodern, post-label nonsense comes crashing down when you actually want a shag at which point self-assigning a few labels (hashtags? shudder) serves an important practical goal. I’m sure C.S. Pierce would approve.


Why you need to care about HTTPS

(Yes, even you with the content-focussed site.)

One of the recurring themes from IndieWebCamp this weekend in Brighton was a desire to get a lot more websites SSL-enabled. It became something of a friendly competition: with both the level scheme laid out on the IndieWeb wiki and the Qualsys SSL Labs report generator, a bunch of sites which did not have HTTPS before today now do, including my own.

Qualsys rate tommorris.org A+ on the SSL front. It’s not perfect: there’s still stuff on the website that is mixed content (that is, both HTTP and HTTPS on the same website) in the archives, although I’ll be working to reduce the amount of stuff I post that isn’t HTTPS enabled.

For a long time, the standard policy for a lot of people has been “HTTPS is important for interactive sites, but isn’t really needed for content sites”. This has a certain level of truth. If you are collecting user data—requiring people to login—you should be using HTTPS. It’s not a negotiable. E-commerce sites, social networking sites, dating sites, email sites, web applications, forums—pretty much anything you are expecting people to login to should be HTTPS only to protect the user from having their packets sniffed between you and them.

But what about those “content sites”? Those sites that just publish content for you to read with no expectation of you interacting? Blogs, for instance.

You still need SSL. Especially if you write about anything controversial. Politics, religion, sexuality and so on. With HTTPS turned on, those sniffing the packets going between client and server will spot only that there is communication with your web server—the exact request made is not revealed.

I am already aware that in at least one evangelical Christian high school in New Zealand, I am filtered as a purveyor of immoral and unchristian lifestyles. I’m assuming it is because of my use of the Ruby programming language rather than for being a hell-bound atheist sodomite. But I’m hoping that now the repressed subjects of other censorship-based societies can worry slightly less about the exact pages they are reading on my site being disclosed to their censorious masters. That’s worth a tenner a year and a few minutes futzing around with Nginx config files.

HTTPS is not NSA or GCHQ proof. SSL certificates are issued by Certification Authorities (CAs) and if you don’t think that the CAs are in league with the government, you are very naïve. Read up on DigiNotar. Ideally, at some point, we’ll also do something like Monkeysphere so that we can apply GPG-style Web of Trust principles to HTTPS. I trust security-conscious wise Unix neckbeard types to verify identities far more than I trust big companies in the pay of surveillance states that put on an elaborate show of being liberal democracies.

NSA and GCHQ proof is a tall order. There are lots of scumbags trying to spy on you that aren’t NSA or GCHQ. Even if we can’t defeat the surveillance state, we can fight against corrupt ISPs, corporations and universities monitoring and censoring the web on behalf of those in their charge.

And, yes, HTTPS/SSL sucks in a lot of ways. But you still need to do it. CAs are kind of craptastic. The experience of setting up HTTPS is annoying—although it is a lot less painful with Nginx than it ever was with Apache. If you publish a website, set up SSL. It’s not very painful and so long as you do it right, you are helping protect your users from some forms of surveillance and privacy intrusion.

(Next on the “let’s be less creepy” front: switching out Google Analytics for something like Piwik. I went with GA because I’m lazy. But there’s no point building independent tooling for the web and still giving a load of user data to Google given they seem to be creatively reinterpreting the whole not being evil thing these days.)






The economics of film and digital

I’m on the train down to Brighton and I’m noodling in Aperture. It’s nice having a creative outlet that unlike writing (in a non-fiction sense) copes with having only a flimsy connection to the Internet.

I was just looking at the photos I took yesterday with my X-Pro1 and realised that the frame counter is now at 9,208. And that Fuji unlike Sony pad their frame counter with only four zeros rather than five.

9,208 exposures is quite a few, especially as someone who has done film in the past, precisely because of the economics of film. Let’s imagine you’d taken 9,208 photos on 36 exposure 135 film.

9,208 ÷ 36 = 257.7

I pay about £3 for a roll of reasonable quality film (XP2, FP4, Velvia, Astia etc.)

I used to develop my black and white films at home, but let’s say I’d shot colour negatives. The lab a family member uses to develop their C-41 rolls charges around £10 for C-41-ing a roll of 135 or 120 and returning quite a nice set of prints.

257 rolls of film: £771

C-41 dev & proof prints for 257 rolls of film: £2,570

I suddenly feel a lot less guilty for the money I spend on shiny expensive photographic toys.

Even old romantics like me will at some point soon realise that much as we will weep for the departing of Kodachrome and Tri-X and Neopan and Agfa Ultra, the future is here, and it has certain advantages.



to emote (verb): post to emoj.li.

to remote (verb): repost an emoj.li message to someone else.

Hashjli (noun): an emoj.li post utilising the #⃣ emoji as a form of hashtagging.

—™👬




Overheated rhetoric on Utah's polygamy case

Today, you will see lots of lots of news outlets writing stories like this about the striking down of a Utah law on polygamy. And you’ll see a lot of people spewing a lot of bullshit about it.

Let’s clear one thing up: the law is on polygamous cohabitation, not polygamous marriage.

The defendants in the case—reality TV star Kody Brown and his multiple not-legally-married wives—challenged the law which made it illegal for them to cohabit. That is what has been struck down. It makes it so that this family which is polygamous can live together without threat of criminal prosecution for cohabitation. It doesn’t make it so that they can legally enter into a polygamous marriage.

Of course, “Utah judge strikes down polygamy ban” is a far more exciting headline than “Utah judge makes it so people can live together without fear of prosecution”. Despite the mention of polygamy, this actually has nothing to do with marriage, just Utah striking down a moronic law preventing cohabitation that they ought to know would be against the freedom of assembly clause. No other states have this kind of law, because it’s moronic.

This ruling changes nothing about who is allowed to get married. All it changes is whether or not people engaging in religious polygamy without actually getting legally married are criminally sanctioned or not. Polygamists in Utah are just as disallowed from getting into polygamous marriages today as they were before this ruling.

Feel free to interpret overblown claims of how this is all because evil dastardly gays redefined marriage accordingly. Why let facts get in the way of a whole lot of moralising?


Google have done something amazing: made adware and spyware acceptable among hackers.