I am using Auth0's Symfony library to allow users to log in with their social network providers. It works really well. Using this firewall configuration, a user who visits /private is successfully taken through the login flow and I can then use $this->getUser() to see their details. security: password_hashers: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' providers: users_in_memory: { memory: […]
How do you stop people accessing data they shouldn't?
I used to work in a call centre for a Very Big Company. Every week, without exception, we'd get a bunch of new starters to train. And every week, without exception, a newbie would be fired after looking up a famous person's data. This was in the days before GDPR. There was a lot less […]
Does AI mean we don't need the Semantic Web?
If you hang around with computerists long enough, they start talking about the Semantic Web. If you can represent human knowledge in a way that's easy for computers to understand it will be transformative for information processing. But computers, traditionally, haven't been very good at parsing ambiguous human text. Suppose you saw this text written […]
Responsible Disclosure: arXiv - redirect on login
Suppose you are sent a link to a website - e.g. https://example.com/page/1234 But, before you can access it, you need to log in. So the website redirects you to: https://example.com/login?on_success=/page/1234 If you get the password right, you go to the original page you requested. Nice! But what happens if someone manipulates that query string? Suppose […]
Fonts with threatening auras
I was browsing the web recently when I came across this utter horror show of a font. Warning, not for the faint of heart. The thing is, I can't adequately describe why I - and many others - find it so disturbing. In all my years of reading English, I've never found a font which […]
Review: Rachel Bloom "Death, Let Me Do My Special"
I've never heard such whooping and hollering from a Bloomsbury Theatre audience. When Rachel Bloom prances on to the stage it is like seeing a revivalist preacher work the faithful. It would have been so easy for Bloom to rest on her laurels and give a "best of Bloom" revue - the crowd would have […]
What's the best thing you've ever won in a competition?
When I was... Oooh... 8 or 9 I entered a "count the number of spots on the giraffe" competition one summer holiday. Apparently I was the only child who noticed that there was a spot on the tail, so I won a YEAR'S SUPPLY of Cadbury's Curly Wurlys. Nothing I've ever won since has lived […]
The limits of CSS styling select options
Sometimes you learn the most from failures! I wanted a <select multiple> element where the <options> were laid out in a grid. I nearly got there. It's possible to have the <option>s in a horizontal row - but only on Chrome and Firefox. Here's a quick fiddle showing the results: As you can see, it's […]
Review: GreenChef / HelloFresh meal boxes
I'm a reasonably adventurous eater - but a rather underwhelming cook. So I thought I'd give these "posh ready-meals" a go. The pitch is simple. GreenChef will send you a big box of ingredients and a bunch of recipes to follow. You get exactly 175g of tomatoes, a precise number of lentils, and a sachet […]
The new .zip TLD is going to cause some problems
Many years ago, Google applied for the .zip Top Level Domain. ICANN, in its infinite wisdom, granted it. And now, I think, bad things are going to happen. You see, computers try to be helpful. They see you wrote "visit example.com" and autolink the thing which looks like a domain name. That's handy - especially […]