A bit of a thought experiment - similar to my Minimum Viable XSS and SVG injection investigations. I recently found a popular website which echoed back user input. It correctly sanitised < to < to prevent any HTML injection. Except… It let through <h2> elements unaltered! Why? I suspect because the output was: <h2>Your search for ... returned no results</h2> And, somehow, the parser was getting confused. OK, what can we do with this little vector? The first thought is to u…
Continue reading →
I'm playing with the Oculus Quest 2. It's quite good fun. I was wandering around the International Space Station, delighting in being unshackled from gravity's harsh bonds. I came to the cupola observation module and it was so beautiful that my face broke into an involuntary smile. And it hurt. The current range of VR headsets have to be strapped tight to your face. In order to prevent your eyes going out of alignment with the lenses or the focus suddenly changing, the mask clings tight to…
Continue reading →
I've been a vegetarian since the turn of the century. I always felt like I should probably be vegan but, you know, cheese is delicious. Then, without warning, my body decided that producing the human lactase enzyme was for losers. Stupid body! No more cheese for me 😭 The UK has come on leaps and bounds in the last 20 years. When I first became a salad-aficionado, the vegetarian options in most restaurants was either a mushroom risotto or to go hungry. Nowadays, even the most ardently pr…
Continue reading →
I'm a huge fan of the US Braille Institute's Atkinson Hyperlegible font. This blog is typeset in it, and I think it looks gorgeous. It's also specifically designed to be readable to people with visual impairments: Atkinson Hyperlegible differentiates common misinterpreted letters and numbers using various design techniques: There's only one problem, the font was released a few years ago and hasn't been updated since. It covers most of the basic European letters, numbers, accents, and…
Continue reading →
Every day, extraordinary inventions and innovative ideas are side-lined in a world that remains subservient to men. But it doesn't have to be this way. Instead, ingrained ideas about men and women continue to shape our economic decisions; favouring men and leading us to the same tired set of solutions. For too long we have underestimated the consequences of sexism in our economy, and the way it holds all of us - women and men - back. This is a cracking book. Similar in scope to…
Continue reading →
Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people? There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it, is that gift-givers rarely know what recipients need or want. So they give gifts which aren't optimal. Your aunt gets you a blue cardigan. But you'd rather have …
Continue reading →
Knowledge graphs are tricky beasts to create. Trying to extract semantic metadata from documents is a gargantuan task. Mix them together and you have a recipe for disaster. While yak-shaving for my MSc, I found an interesting looking research paper authored by one JC Shakespeare. As you can probably tell from that snippet, there is something a bit hinkey going on here. Here's the page that Google Scholar has scraped: It's pretty easy to see what has happened here. The algorithm (whether …
Continue reading →
The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA fobs, 6 has been the magic number. But why? A 2FA code is meant to prevent a specific class of problem. If an attacker has got hold of something you are (your username) and something you know (your password), you are…
Continue reading →
This is going to be a very unemotional, numbers-based blog post. I've rounded the figures to make it more readable. And I've put some pictures in to make it slightly more interesting. We have 5kWp of solar panels on our roof. The panels generate about 4,200kWh per year. Mostly in summer, but a decent amount in winter. Over a year, we export about 2,800kWh. That is what we sell back to the grid. We get paid an average of about £0.22 for every kWh we export. That's about £600 per year …
Continue reading →
I've just finished reviewing a few dozen CVs and Covering Letters. Almost all of them were awful! Candidates - I beg you - make this easy for me! I have been given a fixed set of scoring criteria and you've given me a 2,000 word essay on your life, loves, and hopes for the future. I've only got a few minutes per candidate to read, digest, rank, and score each application. Here's my 100% guaranteed method for maximising the impact of your cover letter. Address the selection criteria. …
Continue reading →
The Meta Quest 2 is almost amazing. It is a tantalising glimpse of a future which isn't quite here yet. I dislike Facebook's Meta's vision of the Metaverse - but the tech is undoubtedly fun when it works. I remember using VR way back in the 1990s. When on holiday, games arcades often had a VR helmet. I wasted all my pocket money on virtual tanks, creeping through virtual dungeons, and generally feeling virtually claustrophobic. A few years ago I tinkered around with Google Cardboard.…
Continue reading →
Binti is an absolute treat. I've not read much Afro-Futurism, but what I have has been truly excellent and entertaining. What is it like to try to honour your ancestors while feeling the call for adventure? It's a topic which has been explored ad infinitum but rarely with such passion. Why do old men fear powerful young women? Binti isn't Buffy - she's a much more complex cipher for a million people trapped between tradition and the future. Okorafor has taken the basic hero's journey and…
Continue reading →
