A bit of a thought experiment - similar to my Minimum Viable XSS and SVG injection investigations. I recently found a popular website which echoed back user input. It correctly sanitised < to &lt; to prevent any HTML injection. Except… It let through <h2> elements unaltered! Why? I suspect because the output was: <h2>Your search […]
I'm playing with the Oculus Quest 2. It's quite good fun. I was wandering around the International Space Station, delighting in being unshackled from gravity's harsh bonds. I came to the cupola observation module and it was so beautiful that my face broke into an involuntary smile. And it hurt. The current range of VR […]
I've been a vegetarian since the turn of the century. I always felt like I should probably be vegan but, you know, cheese is delicious. Then, without warning, my body decided that producing the human lactase enzyme was for losers. Stupid body! No more cheese for me 😭 The UK has come on leaps and […]
I'm a huge fan of the US Braille Institute's Atkinson Hyperlegible font. This blog is typeset in it, and I think it looks gorgeous. It's also specifically designed to be readable to people with visual impairments: Atkinson Hyperlegible differentiates common misinterpreted letters and numbers using various design techniques: There's only one problem, the font was […]
Every day, extraordinary inventions and innovative ideas are side-lined in a world that remains subservient to men. But it doesn't have to be this way. Instead, ingrained ideas about men and women continue to shape our economic decisions; favouring men and leading us to the same tired set of solutions. For too long we have […]
Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people? There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it, […]
Knowledge graphs are tricky beasts to create. Trying to extract semantic metadata from documents is a gargantuan task. Mix them together and you have a recipe for disaster. While yak-shaving for my MSc, I found an interesting looking research paper authored by one JC Shakespeare. As you can probably tell from that snippet, there is […]
The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA […]
This is going to be a very unemotional, numbers-based blog post. I've rounded the figures to make it more readable. And I've put some pictures in to make it slightly more interesting. We have 5kWp of solar panels on our roof. The panels generate about 4,200kWh per year. Mostly in summer, but a decent amount […]
I've just finished reviewing a few dozen CVs and Covering Letters. Almost all of them were awful! Candidates - I beg you - make this easy for me! I have been given a fixed set of scoring criteria and you've given me a 2,000 word essay on your life, loves, and hopes for the future. […]