
As previously discussed, I'm doing the Certified Blockchain Professional course. It is self-directed learning, so I'm going through it at my own pace. In order to consolidate my learning, and help organise my thoughts, I'm blogging about my reflections on each module. These are mostly notes to myself - but I hope if you find something interesting (or incorrect) that you'll leave a comment. A short and pointless chapter. No real discussion of how DAOs actually work, or example code. No…
Not really a security issue, but one which I thought was worth highlighting. It shows the peril of slightly vague specifications. When you scan a 2FA token into your authenticator app via QR code, you get presented with a bunch of information about your account. This lets you store things like the issuer and the account name. I recently scanned a code, and it displayed my name as Terence+Eden. Which was a bit weird. Try it yourself: Checking the raw output of the code, shows the…
As previously discussed, I'm doing the Certified Blockchain Professional course. It is self-directed learning, so I'm going through it at my own pace. In order to consolidate my learning, and help organise my thoughts, I'm blogging about my reflections on each module. These are mostly notes to myself - but I hope if you find something interesting (or incorrect) that you'll leave a comment. Again, a terribly written & edited chapter. I had to revert to the sources on Wikipedia to understand…
Yes yes, Cunningham's law etc etc! I want to play around with 2FA codes. So, I started looking for the specification. Turns out, there isn't one. Not really. IANA has a provisional registration - but no spec. It links to an archived Google Wiki which, as we'll come on to, isn't sufficient. There's some documentation from Yubico which is mostly a copy of the Google wiki with some incompatible tweaks. The Internet Initiative Japan has a subtly different spec which includes an icon parameter…
Exactly a decade ago, I asked "Why Can't Red Dwarf Predict The Future?" That is - sci-fi writers can imagine interstellar travel and sentient computers, but they think the future will still involve developing film photographs, library fines, and 3-pin electrical plugs. At the end of the post, I said: Here are my thoughts on some trivial aspects of our lives which - if put in a sci-fi film - would draw hoots of derision from an audience from the year 2022. Traffic jams. Attracting a …
This is quite the epitome of yak-shaving! Suppose you have an article written in HTML. The basic layout might be something like: <body> <main> <article> The content of your article ... Pretty standard. Now suppose you let users add comments to the article. I have two questions: Where in the tree should they go? What HTML element should be used to group them? It is, I think, a question where reasonable parties can justifiably come to distinctly different…
Well, this is an unexpected treat! What happens if you build a maze you can't get out of? How many people do you inadvertently drag in to your craziness? Are you responsible if they get hurt by the traps you set for yourself? Remember that 1990s horror movie "Cube"? This has exactly the same vibe. Except all the rooms are made of cardboard. And the deaths are… well, no spoilers - but funny. It is billed as a comedy-horror. But the horror isn't visceral - and the comedy is close to absurdist. …