tommorris.org

Discussing software, the web, politics, sexuality and the unending supply of human stupidity.



That tense moment when you agree to upgrade Apple’s Command Line Tools and wonder whether it is going to break everything you are working on.


Looks like the Southbank skaters have won their campaign to keep the skatepark open. This is a pretty encouraging example of a community fighting to keep space open for just having fun and enjoying yourself rather than Yet Another Fucking Starbucks.

Also, it is a small example of young people fighting for shit and winning. Which is a nice change from the depressing gerontocracy that is contemporary British democratic politics.


Just ran across this: Mark Zuckerberg reckons anyone who keeps distinct identities is lacking in “integrity”.

This, incidentally, might be why Facebook is so keen to require drag queens use their real names. (Because that kind of shit worked great when G+ did it.)

The demand that you live with “integrity” always is kind of a weird privileged thing. Last weekend, I was walking home late at night with another man, and someone drove by in a van and shouted the word “queer!” out of the window at us. I have a pretty thick skin and such things don’t phase me so much as just surprise and annoy me. Some fuckwit shouting at me isn’t going to stop me from holding hands with whoever the fuck I want.

But let’s say they were threatening physical violence. I certainly wouldn’t have the same attitude. I quite like not being dead. Under Zuckerberg’s views on identity, that shows a lack of integrity. I’m okay with losing some integrity if it is necessary to not end up in hospital or in a coffin.

Fortunately, being white, male and in a financially secure position, like Mark Zuckerberg, these are not decisions I have to contemplate very often. It’d be nice if people like Zuckerberg could consider the position of people less like himself.



U2 will go down in history as having pioneered the revolutionary album-as-malware genre.


I’ve managed to resist the urge to say much about the Scottish referendum, but I shall say this. If Scotland votes to leave the Union, it’ll truly suck for Cameron to go down in history as the Prime Minister who lost Scotland.




I still don’t understand the point of smart watches. Pretty much the best thing about the rise of the mobile phone is the guarantee of me never having to buy or wear another watch ever.

I have enough things that endlessly chirp at me about email that I don’t want to physically strap another email notifier onto my arm.

Also, if I wanted a bloody watch, I’d buy one with a longer battery life than a smartphone.


The Cult of Sharing is a very interesting article on “sharing economy” companies, how marketers are using the techniques of cults to get consumers to buy into the idea that brands provide counter-cultural meaning, and how progressive talk about “community” and “sharing” are being exploited to push a radical libertarian capitalist agenda.




Camels with Hammers has an interesting post a month or so back about labels—especially ‘gay’, ‘trans’ and ‘cis’. I’ve never understood people who get very angry about the very concept of labelling.

They say things like “oh, we shouldn’t need to categorise ourselves, we should just be beyond labels”. Which is fine, except that labels serve a real-world purpose. All this postmodern, post-label nonsense comes crashing down when you actually want a shag at which point self-assigning a few labels (hashtags? shudder) serves an important practical goal. I’m sure C.S. Pierce would approve.


Why you need to care about HTTPS

(Yes, even you with the content-focussed site.)

One of the recurring themes from IndieWebCamp this weekend in Brighton was a desire to get a lot more websites SSL-enabled. It became something of a friendly competition: with both the level scheme laid out on the IndieWeb wiki and the Qualsys SSL Labs report generator, a bunch of sites which did not have HTTPS before today now do, including my own.

Qualsys rate tommorris.org A+ on the SSL front. It’s not perfect: there’s still stuff on the website that is mixed content (that is, both HTTP and HTTPS on the same website) in the archives, although I’ll be working to reduce the amount of stuff I post that isn’t HTTPS enabled.

For a long time, the standard policy for a lot of people has been “HTTPS is important for interactive sites, but isn’t really needed for content sites”. This has a certain level of truth. If you are collecting user data—requiring people to login—you should be using HTTPS. It’s not a negotiable. E-commerce sites, social networking sites, dating sites, email sites, web applications, forums—pretty much anything you are expecting people to login to should be HTTPS only to protect the user from having their packets sniffed between you and them.

But what about those “content sites”? Those sites that just publish content for you to read with no expectation of you interacting? Blogs, for instance.

You still need SSL. Especially if you write about anything controversial. Politics, religion, sexuality and so on. With HTTPS turned on, those sniffing the packets going between client and server will spot only that there is communication with your web server—the exact request made is not revealed.

I am already aware that in at least one evangelical Christian high school in New Zealand, I am filtered as a purveyor of immoral and unchristian lifestyles. I’m assuming it is because of my use of the Ruby programming language rather than for being a hell-bound atheist sodomite. But I’m hoping that now the repressed subjects of other censorship-based societies can worry slightly less about the exact pages they are reading on my site being disclosed to their censorious masters. That’s worth a tenner a year and a few minutes futzing around with Nginx config files.

HTTPS is not NSA or GCHQ proof. SSL certificates are issued by Certification Authorities (CAs) and if you don’t think that the CAs are in league with the government, you are very naïve. Read up on DigiNotar. Ideally, at some point, we’ll also do something like Monkeysphere so that we can apply GPG-style Web of Trust principles to HTTPS. I trust security-conscious wise Unix neckbeard types to verify identities far more than I trust big companies in the pay of surveillance states that put on an elaborate show of being liberal democracies.

NSA and GCHQ proof is a tall order. There are lots of scumbags trying to spy on you that aren’t NSA or GCHQ. Even if we can’t defeat the surveillance state, we can fight against corrupt ISPs, corporations and universities monitoring and censoring the web on behalf of those in their charge.

And, yes, HTTPS/SSL sucks in a lot of ways. But you still need to do it. CAs are kind of craptastic. The experience of setting up HTTPS is annoying—although it is a lot less painful with Nginx than it ever was with Apache. If you publish a website, set up SSL. It’s not very painful and so long as you do it right, you are helping protect your users from some forms of surveillance and privacy intrusion.

(Next on the “let’s be less creepy” front: switching out Google Analytics for something like Piwik. I went with GA because I’m lazy. But there’s no point building independent tooling for the web and still giving a load of user data to Google given they seem to be creatively reinterpreting the whole not being evil thing these days.)






The economics of film and digital

I’m on the train down to Brighton and I’m noodling in Aperture. It’s nice having a creative outlet that unlike writing (in a non-fiction sense) copes with having only a flimsy connection to the Internet.

I was just looking at the photos I took yesterday with my X-Pro1 and realised that the frame counter is now at 9,208. And that Fuji unlike Sony pad their frame counter with only four zeros rather than five.

9,208 exposures is quite a few, especially as someone who has done film in the past, precisely because of the economics of film. Let’s imagine you’d taken 9,208 photos on 36 exposure 135 film.

9,208 ÷ 36 = 257.7

I pay about £3 for a roll of reasonable quality film (XP2, FP4, Velvia, Astia etc.)

I used to develop my black and white films at home, but let’s say I’d shot colour negatives. The lab a family member uses to develop their C-41 rolls charges around £10 for C-41-ing a roll of 135 or 120 and returning quite a nice set of prints.

257 rolls of film: £771

C-41 dev & proof prints for 257 rolls of film: £2,570

I suddenly feel a lot less guilty for the money I spend on shiny expensive photographic toys.

Even old romantics like me will at some point soon realise that much as we will weep for the departing of Kodachrome and Tri-X and Neopan and Agfa Ultra, the future is here, and it has certain advantages.