What's the most malicious thing you can do with an injected HTML heading element?


The HTML5 Logo.

A bit of a thought experiment - similar to my Minimum Viable XSS and SVG injection investigations. I recently found a popular website which echoed back user input. It correctly sanitised < to &lt; to prevent any HTML injection. Except… It let through <h2> elements unaltered! Why? I suspect because the output was: &lt;h2&gt;Your search […]

You can't smile in the Metaverse


Robot faced Mark Zuckerberg is wearing a VR headset - it digs painfully into his smiling cheeks.

I'm playing with the Oculus Quest 2. It's quite good fun. I was wandering around the International Space Station, delighting in being unshackled from gravity's harsh bonds. I came to the cupola observation module and it was so beautiful that my face broke into an involuntary smile. And it hurt. The current range of VR […]

I'm only vegan for the money


Environmental footprints of dairy and plant-based milks. Impacts are measured per litre of milk. These are based on a meta-analysis of food system impact studies across the supply chain, which includes land use change, on-farm production, processing, transport, and packaging.

I've been a vegetarian since the turn of the century. I always felt like I should probably be vegan but, you know, cheese is delicious. Then, without warning, my body decided that producing the human lactase enzyme was for losers. Stupid body! No more cheese for me 😭 The UK has come on leaps and […]

An update to the Atkinson Hyperlegible font


The font is displayed with a high level of blur to simulate low vision. The letters and numbers are still recognisable.

I'm a huge fan of the US Braille Institute's Atkinson Hyperlegible font. This blog is typeset in it, and I think it looks gorgeous. It's also specifically designed to be readable to people with visual impairments: Atkinson Hyperlegible differentiates common misinterpreted letters and numbers using various design techniques: There's only one problem, the font was […]

Book Review: Mother of Invention - How Good Ideas Get Ignored in a World Built for Men by Katrine Marçal


Book cover.

Every day, extraordinary inventions and innovative ideas are side-lined in a world that remains subservient to men. But it doesn't have to be this way. Instead, ingrained ideas about men and women continue to shape our economic decisions; favouring men and leading us to the same tired set of solutions. For too long we have […]

What's a better bug-bounty reward than money?


A tiny lego Storm Trooper eats a chocolate coin.

Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people? There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it, […]

Who is the author "JC Shakespeare"?


Screenshot of Google Scholar results. Shakespeare has, apparently, written about law, technology, wine, and an article in German.

Knowledge graphs are tricky beasts to create. Trying to extract semantic metadata from documents is a gargantuan task. Mix them together and you have a recipe for disaster. While yak-shaving for my MSc, I found an interesting looking research paper authored by one JC Shakespeare. As you can probably tell from that snippet, there is […]

What's the optimal length for a 2FA code?


Screenshot of a text message. It says "Your one time passcode is 1031."

The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA […]

Solar Panels - payback period during a time of rising energy costs


Graph showing how much money our solar panels have earned from exporting.

This is going to be a very unemotional, numbers-based blog post. I've rounded the figures to make it more readable. And I've put some pictures in to make it slightly more interesting. We have 5kWp of solar panels on our roof. The panels generate about 4,200kWh per year. Mostly in summer, but a decent amount […]

How To Write A Cover Letter For A Job


A golden envelope.

I've just finished reviewing a few dozen CVs and Covering Letters. Almost all of them were awful! Candidates - I beg you - make this easy for me! I have been given a fixed set of scoring criteria and you've given me a 2,000 word essay on your life, loves, and hopes for the future. […]