Well I just successfully encoded my first ASN.1 structure with the help of a 3rd-party library and it only took me about 10 minutes to create the equivalent of [5] in JavaScript:

forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.SEQUENCE, true, [ forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.INTEGER, false, forge.asn1.integerToDer(5).getBytes())])

That’s WITH A LIBRARY. A sizable library. And why? To tell Let’s Encrypt: ocspMustStaple = true

ASN.1 is devil spawn.

PS. Here it is if you want to use it. Just download it somewhere and add its path to the Icon field in your kitty.desktop file (GNOME/Ubuntu/etc.)

Show thread

ASN.1 is the biggest middle finger to humanity that nobody’s ever heard of. This is my opinion and I’m sticking by it.

Our car insurance is due to be renewed in April. This is what my Apple News feed looks like right now.

Apple protects your privacy my ass.

Imagine how bad someone’s code must be* that not only does it make you implement your own library via an RFC from scratch but that now it has you learning ASN.1 – fucking ASN.1 FFS – because you don’t want a single line of it anywhere near your app.


* hint: centralised telemetry added to nearly every module of what is supposedly an open source project bad

ASN.1 Made Easy


PS. If you ever find yourself needing this… I’m sorry. I know. Things will get better. Please stop crying.

Just updated my blog post on Apple killing Offline Web Apps with questions after they silently updated their blog post (thanks for the heads up @xerz).

I’m now confused and wondering if they thought this out at all.

I’ve also added a link to @soapdog’s blog post on the same subject.


@soapdog @humanetech @aral hmm, after reading the comments in HN I decided to check the WebKit post twice, and they do say "We do not expect the first-party in such a web application to have its website data deleted."

"It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications."

so, we're safe here?

@humanetech @aral

I also posted my own post there at:


I wrote it after reading Aral's and realizing the PWA I'm building will not be usable by Apple's users.

This is a constant inspiration to me. (image via Wikimedia commons)

(And just to be clear, that’s all “local storage”, not just LocalStorage – Indexed DB, etc.)

Show thread

Of course, if Apple were actually serious about protecting your privacy, they’d implement all this in their News app also. They won’t. And they won’t allow content blockers work in it either. Because just like every other trillion-dollar corporation, they’re massive hypocrites.

Show thread

Block all third-party cookies, yes, by all means. But deleting Local Storage after 7 days effectively blocks any future decentralised apps using the browser (client side) as a trusted replication node in a peer-to-peer network. And that’s a huge blow to the future of privacy.

Show thread

So Apple just threw the baby out with the bathwater and killed offline web apps (unless you’re cool with all your data being deleted if you don’t use an app for a week). You’d almost think they had an App Store to promote or something.



Updated my little missing required argument joke module for Node.js with @Paul’s suggestion to use Error.captureStackTrace (neat, thanks, Paul!) and, because I have no life, it now has 100% code coverage ;P

Also, thanks to @severo_bo who uncovered prior art from two years ago – there goes the patent and the riches… oh, well :)


Blog post: ar.al/2020/03/23/fail-fast-on-

I’ve written a basic intro on how to read RSS in 2020, with some recommendations for feed readers.

(I started writing this a few weeks ago, but now might just be a great time to curate the news you want, and filter out the needlessly overwhelming stuff.)


Show more
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!