You may have heard of the /.well-known/ path, and the security.txt file, but there is a new one you should be aware of too:
/.well-known/change-password
It should redirect to your change password form, so password managers can easily send users there.
https://securinglaravel.com/security-tip-a-well-known-url-for/
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too! (Stephen Rees-Carter, Securing Laravel)
@ErikvanStraten personally I will share this with the @internet_nl project team, and let you know.
Personally this would improve password management for me. Too often the tools struggle with password changes and storing the right information to access an account.
Internet standards compliance test suite: internetstandards/Internet.nl on GitHub.
More analogue photography?
YES!
I'm still enjoying it and love to experiment with chemistry, film stock and time.
The black and white pictures are shot on Fomapan 100, developed in Fomadon Excel at the recommended time.
The colour pictures are on Kodak ColorPlus 200, developed using "my standard" Adenol C-41 mix.
But this time with a hacked together controller to closely monitor the temperature.
📍 East & Luitpoldhütte
w/ @Ican
w/ Spectrie
w/ Ari
Billionaire Larry Ellison says a vast AI-fueled surveillance system can ensure 'citizens will be on their best behavior'
Can all the billionaires please just finally fuck off to Mars and leave the rest of us alone
The unreasonable effectiveness of simple HTML
https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiveness-of-simple-html/
I've told this story at conferences - but due to the general situation I thought I'd retell it here.
A few years ago I was doing policy research in a housing benefits office in London. They are singularly unlovely places. The walls are brightened up with posters offering helpful services for people fleeing domestic violence. The security guards on the door are cautiously indifferent to anyone walking in. The air is filled with tense conversations between partners - drowned out by the noise of screaming kids.
In the middle, a young woman sits on a hard plastic chair. She is surrounded by canvas-bags containing her worldly possessions. She doesn't look like she is in a great emotional place right now. Clutched in her hands is a games console - a PlayStation Portable. She stares at it intensely; blocking out the world with Candy Crush.
Or, at least, that's what I thought.
Walking behind her, I glance at her console and recognise the screen she's on. She's connected to the complementary WiFi and is browsing the GOV.UK pages on Housing Benefit. She's not slicing fruit; she's arming herself with knowledge.
The PSP's web browser is - charitably - pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.
But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.
Not everyone has a big monitor, or a multi-core CPU burning through the teraflops, or a broadband connection.
The photographer Chase Jarvis coined the phrase "the best camera is the one that’s with you". He meant that having a crappy instamatic with you at an important moment is better than having the best camera in the world locked up in your car.
The same is true of web browsers. If you have a smart TV, it probably has a crappy browser.
My old car had a built-in crappy web browser.
Both are painful to use - but they work!
If your laptop and phone both got stolen - how easily could you conduct online life through the worst browser you have? If you have to file an insurance claim online - will you get sent a simple HTML form to fill in, or a DOCX which won't render?
What vital information or services are forbidden to you due to being trapped in PDFs or horrendously complicated web sites?
Are you developing public services? Or a system that people might access when they're in desperate need of help? Plain HTML works. A small bit of simple CSS will make it look decent. JavaScript is probably unnecessary - but can be used to progressively enhance stuff. Add alt text to images so people paying per MB can understand what the images are for (and, you know, accessibility).
Go sit in an uncomfortable chair, in an uncomfortable location, and stare at an uncomfortably small screen with an uncomfortably outdated web browser. How easy is it to use the websites you've created?
I chatted briefly to the young woman afterwards. She'd been kicked out by her parents and her friends had given her the bus fare to the housing benefits office. She had nothing but praise for how helpful the staff had been. I asked about the PSP - a hand-me-down from an older brother - and the web browser. Her reply was "It's shit. But it worked."
I think that's all we can strive for.
Here are some stats on games consoles visiting GOV.UK
Matt Hobbs (@TheRealNooshu@hachyderm.io)
@TheRealNooshu
Replying to @TheRealNooshu
Interestingly we have 3,574 users visiting GOV.UK on games consoles:
• Xbox - 2,062
• Playstation 4 - 1,457
• Playstation Vita - 25
• Nintendo WiiU - 14
• Nintendo 3DS - 16
20/22
Housing Benefit or Local Housing Allowance (LHA) - rates, eligibility, claim form, calculator, appeals, 'Discretionary Housing Payment'. (Government Digital Service, GOV.UK)
Sure, it's a joke about the IT dept. being furries. But legit:
I've been at companies where we had to draw straws to see who stayed on-call for the con.
After years and years of media reports that coal is having a comeback in the UK the last coal plant will go offline in just 2 weeks.
Coal in the UK is no more.
Credit for graph to @ketan
Sometimes learning to love yourself can be frustratingly difficult.
But sometimes it’s blissfully easy.
Awwww, that's adorable. 💜 💙
Learning to love myself is one of the hardest things I've ever had to do, and I still struggle with it. I feel like I'm closer to achieving it now than I have been for years, though.
Disabled Copilot for markdown files because I just cannot take seriously the attempts to ad-lib high level documentation or summaries of functionality.
Machine, shut the fuck up. The sentients are talking.
I'm OK
This song has just been stuck in my head for a while.
https://youtu.be/Qop5XLgwkNc?si=34WyNsqPl_epUX1P
Remember, there is help.
Jelly Roll - I Am Not Okay (Official Lyric Video). From the new album, Beautifully Broken, out October 11. Pre-Order here: https://jellyroll.lnk.to/beautifullyb... (YouTube)
When we give the canned answer that everyone always expects, are we really doing anything at all? (www.furaffinity.net)
He's ready to show you where all the cool cats go to party ;3
#UnasArt #furry #furryart #furryartist #furryartwork #UnaPanthera #badge #commission #characterbadge #illustration #characterillustration
"mysterious caves and tunnels always have luminous fungi, strangely bright crystals or at a pinch merely an eldritch glow in the air, just in case a human hero comes in and needs to see in the dark."
- Men at Arms, Terry Pratchett
In some ways more elegant than handing out Darkvision like candy.
Interactively zooming into the Mandelbrot set on a touch screen
Surprisingly delightful considering how many times I've built this and watched videos of it. It's a different experience deciding for yourself where to zoom in or out.
A bare script to render a single frame is 40 lines. Interactive touch support takes another 120 lines. Reducing detail during touches to make the UI responsive takes 10 lines.
The acceptable number of people getting SARS at any given event should be zero. Not ten. Not one hundred. Zero.
SARS-CoV-2 causes chronic disease in 10-30% of infections. That means for every 10 people who are infected, for 1-3 of them that will be a life-altering experience. Some will eventually recover. Others may not.
As reports of people getting infected with SARS at RustConf roll in, it’s hard not to think of those whose life will inevitably change because of this.
The cumulative number of SARS-CoV-2 infections in all RustConf events prior to this event was zero. That was possible by having basic precautions in place.
RustConf 2024, newly organized by the Rust Foundation, is the first event to break that streak.
This is the first-ever clinical trial using mRNA vaccines to treat pancreatic cancer, offering new hope to patients. (The Brighter Side of News)
July 2023 quick draw for Noble!
'Quick draw' portraits are a monthly art reward for Glazed Donut members of my Patreon! 🍩
https://www.patreon.com/megjames
made in #krita
Happy #SkyproSunday from Bedhead! 💙 Don’t wait for the perfect moment. Seize every opportunity and make the most of it!💪🔥
#fursuit #fursuits #furry #furries
My new squishies for my headphones came today. Headphones feel a lot nicer with new squishies on. :>
I hadn't realised how flat the old ones were - I only ordered new because the surface of the old ones was flaking and falling apart. Definitely needed it.
“‘The data on extreme human ageing is rotten from the inside out’ – Ig Nobel winner Saul Justin Newman”
> Regions where people most often reach 100-110 years old are the ones where there’s the most pressure to commit pension fraud, and they also have the worst records.
I'm surprised. This is my surprised face.
Saul Newman’s research suggests that we’re completely mistaken about how long humans live for. (The Conversation)
One thing that is vitally important as a moderator is being able to identify what I think of as "plausible deniability techniques."
These are patterns of behavior that give the speaker some degree of plausible deniability while allowing them to threaten or demean someone else. It's a variant of the JAQoffs and in just as poor faith.
I have numerous examples from decades of moderation experience, and it all follows about the same patterns.
1/
On a forum I moderated we'd have people who knew exactly where the line was and walked right up to it.
Repeatedly. With the exact same people. Over and over and over again.
If you didn't correct it as a moderator you'd lose the person they were targeting as a member and then you'd end up ultimately having to ban the troll anyways.
As a moderator this is the sort of thing that you have to watch for. As a team of moderators this is the sort of thing that you have to analyze.
4/
This sort of thing is also why dense rulebooks tend not to work, but having standards and consensus among your moderation staff is critical.
But if you blithely ignore that this is a technique you will lose to the bullies every single time. Your moderation will break down and, what's worse:
You probably won't know it until it is too late to fix the damage that has been caused. It will continue to get worse and it will continue to escalate until you stop it.
You have to learn to see it.
5/5
I've slept, so some concrete examples:
* Having identified that talking about killing a pig is upsetting, the bully talks about bacon, makes Lord of the Flies references, and uses emoji—seemingly randomly—like 🔪🐷
* A poster followed around another poster and always commented, on everything, "serious business." The meaning isn't known to the moderators, but the target knows.
* Everyone puts 🐸 (or Deplorable) in their name and makes innocuous comments whenever someone posts.
I wish I could get the moderators of an online space I left in early 2024 to read this.
Their "off topic" and "general chat" areas were just starting to get messages from the kind of trolls that apparently are now the norm starting about a year before a US election.
A few of the regular users reported the troll messages to the mods, but the mods apparently didn't realize the technique you describe was in play.
Result: trolls stayed, regular users left the space (and one pulled their Patreon support), whole space got a little crappier.
Thanks, I wasn't aware of the existence of an RFC for a default change-password file!
For those interested: https://internet.nl checks any webserver for, among a lot of other things, the existence of the security.txt file (it shows its results in English, you don't have to know what Goudse kaas, stroopwafels and hagelslag mean).
Best practices: https://internet.nl checks for lawful requirements of Dutch (Netherlands) governmental websites. After more than a year since that law came into effect, still a lot of govt. websites do not fully comply. In particular, many have still not set up HSTS correctly, such as Almere (https://internet.nl/site/almere.nl/2957791/ - not detected by https://developer.mozilla.org/en-US/observatory/analyze?host=almere.nl).
Unfortunately HSTS (which too often does not work) still has to help internet users, as browsers still do not *enforce* https connections in a sensible way (https://infosec.exchange/@ErikvanStraten/113045241408077702).
(Coen Wesselman @wsslmn : do you like the idea of adding a check for "/.well-known/change-password", and if so, is that something you could ask to be included in the tests by internet.nl?)
#changepassword #change_password #security_txt #websites #website #webserver #SIDN #internet_nl #HSTS #MDN
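As an added illustration of both posts above (the tip that `/.well-known/change-password` should redirect to the change-password form, and the suggestion that a scanner such as internet.nl could check for it), here is a small self-contained Python example. It is not code from Securing Laravel, internet.nl or the W3C; it implements the well-known URL in a minimal WSGI app and a checker that calls the app in-process, with no network. The form path `/account/change-password` is an assumption for the example. The catch-all probe path is the one the W3C "Well-Known URL for Changing Passwords" spec suggests for telling a deliberate implementation apart from a server that answers 200 to every path.

```python
"""Serve and validate /.well-known/change-password (added example, not project code)."""
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/change-password"
# Path of the real change-password form: assumed for this example.
CHANGE_PASSWORD_FORM = "/account/change-password"
# Probe path from the W3C spec: a server answering 200 here answers 200 to anything.
SHOULD_NOT_EXIST = "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def good_app(environ, start_response):
    """Minimal WSGI app that implements the well-known URL as the tip describes."""
    path = environ.get("PATH_INFO", "")
    if path == WELL_KNOWN:
        # Redirect to the form and keep caches from retaining the answer.
        start_response("302 Found", [("Location", CHANGE_PASSWORD_FORM),
                                     ("Cache-Control", "no-store")])
        return [b""]
    if path == CHANGE_PASSWORD_FORM:
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
        return [b"<form method='post'>(constructed change-password form)</form>"]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def catch_all_app(environ, start_response):
    """Misconfigured app (single-page-app fallback style): 200 for every path."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html>index</html>"]


def fetch(app, path):
    """Call a WSGI app in-process and return (status_code, lower-cased headers)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = int(status.split()[0])
        captured["headers"] = {k.lower(): v for k, v in headers}

    body = app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response)
    if hasattr(body, "close"):
        body.close()
    return captured["status"], captured["headers"]


def check_change_password(app):
    """Return (ok, detail): does the app usefully implement the well-known URL?

    Accepts a redirect (what the tip asks for) whose target answers 200, or the
    form served directly at the well-known URL, then applies the catch-all probe.
    """
    status, headers = fetch(app, WELL_KNOWN)
    if status in REDIRECT_CODES:
        location = headers.get("location")
        if not location:
            return False, "redirect without a Location header"
        target = urlsplit(location).path or "/"
        target_status, _ = fetch(app, target)
        if target_status != 200:
            return False, f"redirect target {target} returned {target_status}"
    elif status != 200:
        return False, f"{WELL_KNOWN} returned {status}"
    else:
        target = WELL_KNOWN  # form served at the well-known URL itself
    # A server that answers 200 to any path gives no evidence that the
    # well-known URL was deliberately implemented; treat it as unsupported.
    probe_status, _ = fetch(app, SHOULD_NOT_EXIST)
    if probe_status == 200:
        return False, "server returns 200 for a resource that should not exist"
    return True, target


if __name__ == "__main__":
    for name, app in (("good_app", good_app), ("catch_all_app", catch_all_app)):
        print(name, check_change_password(app))
```

Running the script reports the first app as supported (pointing at the assumed form path) and the catch-all app as failing the probe, which is exactly the false positive a scanner would want to avoid when checking for this URL.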