A bit of a thought experiment - similar to my Minimum Viable XSS and SVG injection investigations. I recently found a popular website which echoed back user input. It correctly sanitised `<` to `&lt;` to prevent any HTML injection. Except… It let through `<h2>` elements unaltered! Why? I suspect because the output was: `<h2>Your search for ... returned no results</h2>` And, somehow, the …
I'm playing with the Oculus Quest 2. It's quite good fun. I was wandering around the International Space Station, delighting in being unshackled from gravity's harsh bonds. I came to the cupola observation module and it was so beautiful that my face broke into an involuntary smile. And it hurt. The current range of VR headsets have to be strapped tight to your face. In order to prevent your eyes …
I've been a vegetarian since the turn of the century. I always felt like I should probably be vegan but, you know, cheese is delicious. Then, without warning, my body decided that producing the human lactase enzyme was for losers. Stupid body! No more cheese for me 😭 The UK has come on leaps and bounds in the last 20 years. When I first became a salad-aficionado, the vegetarian options in most r…
I'm a huge fan of the US Braille Institute's Atkinson Hyperlegible font. This blog is typeset in it, and I think it looks gorgeous. It's also specifically designed to be readable to people with visual impairments: Atkinson Hyperlegible differentiates common misinterpreted letters and numbers using various design techniques: There's only one problem, the font was released a few years ago and…
Every day, extraordinary inventions and innovative ideas are side-lined in a world that remains subservient to men. But it doesn't have to be this way. Instead, ingrained ideas about men and women continue to shape our economic decisions; favouring men and leading us to the same tired set of solutions. For too long we have underestimated the consequences of sexism in our economy, and the…
Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people? There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it, is that gift-givers rarely know what recipients need or…
Knowledge graphs are tricky beasts to create. Trying to extract semantic metadata from documents is a gargantuan task. Mix them together and you have a recipe for disaster. While yak-shaving for my MSc, I found an interesting looking research paper authored by one JC Shakespeare. As you can probably tell from that snippet, there is something a bit hinkey going on here. Here's the page that…
The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA fobs, 6 has been the magic number. But why? A 2FA code is meant to prevent a specific class of problem. If an attacker…
This is going to be a very unemotional, numbers-based blog post. I've rounded the figures to make it more readable. And I've put some pictures in to make it slightly more interesting. We have 5kWp of solar panels on our roof. The panels generate about 4,200kWh per year. Mostly in summer, but a decent amount in winter. Over a year, we export about 2,800kWh. That is what we sell back to…
I've just finished reviewing a few dozen CVs and Covering Letters. Almost all of them were awful! Candidates - I beg you - make this easy for me! I have been given a fixed set of scoring criteria and you've given me a 2,000 word essay on your life, loves, and hopes for the future. I've only got a few minutes per candidate to read, digest, rank, and score each application. Here's my 100%…
The Meta Quest 2 is almost amazing. It is a tantalising glimpse of a future which isn't quite here yet. I dislike Facebook's Meta's vision of the Metaverse - but the tech is undoubtedly fun when it works. I remember using VR way back in the 1990s. When on holiday, games arcades often had a VR helmet. I wasted all my pocket money on virtual tanks, creeping through virtual dungeons, and…
Binti is an absolute treat. I've not read much Afro-Futurism, but what I have has been truly excellent and entertaining. What is it like to try to honour your ancestors while feeling the call for adventure? It's a topic which has been explored ad infinitum but rarely with such passion. Why do old men fear powerful young women? Binti isn't Buffy - she's a much more complex cipher for a million…