Show newer

When humanity was a child, it was cruel but at least limited in its destructive capabilities. Now humanity is an adolescent, it is still cruel but with few limitations to constrain it. It remains to be seen whether we can clean up our act, reform our habits, and reach adulthood.

My latest ramblings are now recorded for posterity on the site :)

Show thread

Will be live in a few minutes at with a S’update (small update) of what I’ve been up to. Today’s theme: talking openly about the dev process (I’ve had a frustrating few days recently).

Before you can do bad things to people with a clear conscience, you must dehumanise them. In Big Tech designers and developers can build systems that track, profile, and exploit people then go home to hug their kids because they’re not people to them, they’re “users” and “data.”

Looks like we'll need authentication of any kind of external code - which upon writing it seems completely obvious.

How lazy we have become...

CC @aral

Nice to see folks thinking along the same lines (and three years ahead of me) ;) – looks like Tom Hacohen already built what I wanted to verify the index page at least.

(The reason I’m looking past subresource integrity is because I need to have dynamic plugins and subresource integrity is only useful for resources you know at build time.)

Show thread

I’m playing with dynamic imports for a plugin system in JS but dynamic imports don’t have any sort of verification built in. So I’m thinking of implementing simple signed modules that are loaded in and evaluated. But before I fall down that particular rabbit hole, does anyone know of similar attempts? (I did the usual search engine scouring and stumbled on Web Bundles and Signed HTTP exchanges but though they sound similar, they’re very much not the same thing.)

Thanks to a heads-up from @heydon, I just fixed the formatting issues on my “Building a simple chat app with Site.js” post. Check it out here:

Reading: “Google proposed Web Bundles could threaten the Web as we know it”

(Missed this when it first came out. Funny how Google proposes standards that benefit their business model, isn’t it?)

Let’s one web site at a time (starting with yours). Remove tracking devices from surveillance capitalists like Google, Facebook, etc., from your sites and tell people you’re doing it.

For lists of alternatives, see:

To understand why millennials hate you, you must understand capitalism. To understand capitalism, imagine being forced to play a game of Monopoly where one person starts with nearly all the money in the bank and all the properties… and what about you? Fuck you, that’s what.

Any old ideology can exploit people… the true genius of capitalism lies in getting the exploited to celebrate their own exploitation in hopes that maybe one day they’ll be the ones doing the exploiting.

Heads up: Small is Beautiful – our live stream on Small Technology – will henceforth be monthly, not weekly (so there’s no stream today).

This month’s stream is scheduled for the third Thursday (Feb 18, 2021) at 5PM UTC and will feature Paul Frazee (Beaker browser) to talk about his new decentralised social network project, CTZN.

Finally found the time to open a discussion on the Snowpack forums about the lack of subresource integrity (SRI) in Skypack:

(Background: my post from the end of last year titled Skypack: backdoor as a Service?

We don’t need Smart Cities, we need Smart Citizens.

"CommonJS to ESM in Node.js" by @aral

I've been migrating some projects to native ESM, and I ran into many of the same problems. There are some nice quick fixes in here I wasn't aware of.

You'd think somebody would write a codemod to just do this all automatically... Here's hoping someone invents one before I have to do my next migration. 🤞

Show older
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!