Death of the Internet [#49]

December 14th 2017: The day the internet died.

It’s a weird thing to wake up to, the repeal of net neutrality in the US. There’s is absolutely nothing that I, as a British citizen, could do to prevent the FCC from taking this course of action. Which, to be fair, isn’t too far from the reality for American citizens either; the result is not particularly unexpected, despite widespread criticism.

There’s also no way of knowing the impact it will have. Worst case scenario, as a non-American, would be seeing other governments (particularly my own) mimicking the decision and formally handing the web over to corporations, rather than people. Except, outside of the US the ISP market isn’t dominated by monopolies, so the market would actually stand a chance at forcing effective neutrality. That means I’m fairly insulated from the most obvious repercussions. Harder to measure, but probably more likely, are the ripple effects. How many new services will simply never exist if US providers decide that road blocks are more profitable than open highways? How much innovation in Silicon Valley will be lost to firms spending less on R&D and more on bandwidth?

On the other hand, if ISP’s in the US do abuse their new powers it could lead to the slow (or relatively sudden, depending on perspective) eroding of the US as a global leader in technology and software. Whilst the UK is not exactly well placed to pick up that slack, countless other countries would likely benefit. Less of an American influence on the web could actually be widely beneficial (of course, not to Americans).

The result is that the loss of net neutrality, from a global perspective, is a bit of a grey area. We may benefit or we may lose, but ultimately we will be slightly more able to shape that destiny. The ridiculousness of the decision is that such luxury is not afforded to the US itself. They are the ones rolling the dice, but they’re also the ones with the highest stake, all balanced precariously on an unknown odd. No matter what happens next it’s pretty unlikely the US will benefit, but the rest of the world just might.

On that note, if you are in the US and are rightfully worried/angered by the decision that occurred yesterday, I’d point you towards Ethan Marcotte’s break down. It offers a slim silver lining which is plausible (unlike some of the others doing the rounds) as well as an even, yet irritated, overview of what it could actually mean. Well worth a read and well worth enacting.

Welcome to the Grid [#42]

There are a lot of new web technologies emerging at the moment which really feel like we’re entering a new era. Over the last decade, the likes of HTML5, ES6+, flex box etc. have brought the web, and the technologies on which it is built, very much into the modern day. Accessibility, responsiveness and flexibility have become standards, instead of the nice-to-have pipe dreams they were when I first built a website. Still, a lot of the new features and developments have been addressing limitations of what the web was back in the early noughties.

Right now, then, is a little different. There are still plenty of problems with how the web operates, limitations to its functionality and misuses of its resources, but with a little time and effort a website can become everything it was ever designed to be, and much more. The next round of technological implementation, then, is redesigning the way the web works. Do you need an active internet connection to be ‘online? Not any more. Want a website to do more than simply house and interlink static text? That’s getting pretty common.

Despite these huge leaps forward in terms of functionality, one element of those old, dark days has remained missing. Right when I started to learn HTML the standard approach was to mimic page setting from magazines by using <table> elements. That practice died a deserved death, but ever since the web has been slightly restricted in how it can display information in a dynamic, yet rigidly structured, manner. There have been improvements, such as display:table, flex box and semantically clearer HTML (section, article, aside etc.), but ultimately none have met the ease of application of a table layout.

Hopefully that’s about to change, thanks to CSS Grid. It’s a technology I’ve heard bits and bobs about for some time, but I’ll admit it hasn’t excited me like service workers or PWAs have. Thanks to (yet another) great article from A List Apart, I’m now firmly on board the Grid train and willing it to go faster, and faster, and faster. Honestly, I love the whole concept, but for me one of the most exciting aspects is the quick prototyping available through template-areas. For a full breakdown, read the article, but the “aha!” moment for me was seeing how this:

.cards {
        display: grid;
        grid-template-columns: 1fr 1fr 1fr;
        grid-gap: 20px;
        grid-template-areas:
               “a a b”
               “. d d”
               “c e e”;
}

Is automatically translated into this:

Layout of 5 grid blocks and 1 empty cell, showing how CSS Grid can span columns and rows, auto-fill containers and be easily spaced.
The beauty of CSS Grid.

That’s not just replicating all the functionality of the table-based layouts of yesteryear, it’s taking the best part of it, the flexible rigidity, and removing all the irritating parts, leaving just the essence. It’s wonderfully simple yet extremely powerful and has clearly been thought through to an obscene degree. The fact that even blank cells are inherently catered for, rather than having to just set a blank <div> or similar, is just fantastic. Vendor/browser support will be the next big hurdle, but by the sounds of things that’s coming along extremely well. Give it a year and CSS Grid looks like it could well be the new standard approach.

Stickers, Eclipses and Lighthouses [#35]

Today is a day for another round-up of interesting pieces from across the web. Nothing too special, but hopefully a little intriguing.

First up is Google Lighthouse, one of the many branches of the Alphabet behemoth and a pretty interesting little project. I haven’t actually managed to get it up and running, but I’ll definitely be trying it out on theAdhocracy some time soon (and probably weeping at the result). I don’t need to test it, though, to see it will be a very useful tool in battling the increasingly problematic issue of internet lag.

Second is the article which led me to Lighthouse in the first place: AMPersan, by Ethan Marcotte. Not much to add to this one, just another voice adding weight to my uneasiness with the idea of AMP and similar projects. Well worth a read if you’re interested in the open web.

In third place is a collection of ‘achievement’ stickers doing the rounds of the blogosphere right now. Originally designed by Jeremy Nguyen, published on The New Yorker and personally discovered via TheLogoSmith, the stickers are a humorous look at the pitfalls of being self employed. They’re specifically designed for freelance designers, but I feel a lot of them are applicable across disciplines. If you work from home, you’ll probably find yourself smiling and nodding.

Fourth on the list is a simple article from Martian Craft outlining “The Importance of Routine“. The post is aimed at remote works and is far from news to me, but it is a well written example of how to apply this kind of thinking. I’m saving it here more to try and force myself into setting something like this up for my own free time.

Finally, I was blown away by the “Lifetime Eclipse Predictor” visualisation created for The Washington Post (discovered via Source). In the wake of the recent total eclipse in the US, along with reading various posts on the rarity of such events, I’ve been left with a real urge to try and make sure at my path eventually coincides with a path of totality. It is a ridiculously awesome coincidence that our moon’s diameter and planet’s solar distance align so accurately. I mean, even if there are other life-hosting planets out there, we’re certainly one of an incredibly small number that can witness this phenomenon. That makes it practically a responsibility to see a total eclipse, at least once.

Security All The Way Down [#26]

Source, one of the many blogs I follow, has recently had a themed content week focusing on security. For their main readership this means security for the newsroom, security for the journalist, but their articles are both fascinating and widely applicable. It may seem a bit ridiculous but the reality is: everyone is a target. Yes, a journalist is more likely to be specifically targeted, because they have access to unique and often-times damaging material, but literally every single person has something that is valuable to someone else.

Maybe it’s money in the form of online bank accounts, crypto wallets or card-verified e-commerce sites like Amazon. Maybe it’s social media accounts, valuable for gathering personal identifiers that can be sold en masse for identity theft purposes or even to be used as part of modern botnets, spreading viruses and further compromises. Maybe it’s compromising personal information, images you wouldn’t want widely distributed or conversations you’d rather pay to keep out of the public eye. Maybe it’s just the thrill of seeing how far you can go, what you can uncover.

It’s unlikely that you would be directly targeted, but it’s actually fairly likely that you will be targeted at some point. It’s happened to me. A few years ago I received a message from my bank querying a large sum purchase made with a debit card that I hadn’t used in years. I freaked out a little, contacted them and had the transaction cancelled; once the bank had assured me that no further charges would occur I calmed down and started trying to piece together how the hell someone had managed to skim a card that had been out of circulation for years.

The answer, as is so often the case, was the combination of forgotten accounts, common passwords and third party security breaches. Exactly which chain of interconnecting services led to this particular attempt at fraud is impossible to prove, but here’s my best guess. Back when I was heavily active on League of Legends they had a mass server breach, with hundreds of thousands of accounts compromised. The parties involved made off with data tables of passwords, account names and associated email addresses; no credit card details, but enough personal information to be seriously damaging. My account name was unique and the associated email address had a different password, so I figured I was safe. I was wrong. Someone, somewhere, managed to link my username to an old email account, which used that same password (Error #1). They accessed that email account without my knowing (Error #2 – setup two-step authentication!) and from their likely downloaded my entire email history (Error #3 – if you don’t need it right now, encrypt/archive it or delete it).

Within that database of emails were messages from an ancient PayPal account I hadn’t used in years (Error #4 – close accounts you no longer need). That PayPal account had a different password, but that doesn’t matter; whoever it was simply had a password reset request sent to my compromised email address and flipped it. That PayPal account was still connected to my old debit card, which I’d never closed down despite no longer using it (Error #5). They tried to use that account, with that card, to make a purchase when luckily a third party, my bank, flagged it as suspicious. As a result, the purchase was cancelled. Great, right? Problem solved, issue avoided, time for a cup of tea, right?

Wrong. I contacted PayPal and had the account closed, I went to my bank and terminated the card and figured the worst of it was over. Except, the email account was no longer accepting my leaked password. Four years later and, for some reason, the password happened to be flipped back to the original one; I’ve just managed to regain control, through sheer luck, but the ripple effects are still being discovered. That email account was the main personal ID for dozens of other online accounts, many of which have been deleted, taken over or banned. Some were used for spam, others for malicious “fun” and others just destroyed. I’ve spent the best part of the last two weeks going through that old email account, finding associated logins across the web and shutting them down or taking back control.

The whole ordeal has spanned years and is still on going. Now, on the one hand, I got lucky. Losing so many accounts didn’t impact my financially, it didn’t uncover any secrets that could have been used to blackmail me or hit me IRL (I’m too boring for anything like that) and I never really felt any negative impact from it. I’ve lost some memories and a decent chunk of my personal time, but that’s about it. But like I said, I got lucky.

So, whilst very interesting and a recommended read, going through Source’s recent articles on personal security have left me a little red-faced. For everything I supposedly “learned” I’m not much better today then I was four years ago in real terms. I’ve slowly been building a database of accounts I have, what they’re associated with and the personal details they contain. I’ve reset my passwords and made sure they’re all unique. Where possible I’ve closed accounts I no longer want or, at the least, removed any personal identifiers from them. But beyond that? Not much.

Reading through A Guide to Practical Paranoia is like reading a checklist of ways I’m falling behind. It recommends using local password managers like KeyPass rather than cloud-based services, but I still haven’t managed to even make that step. Tor and other end-to-end encryption are mentioned as good first steps, but all I have is WhatsApp… not sure that really counts. Don’t use out of the box, popular options for data you care about it says, which I agree with whilst writing on a WordPress blog running the vanilla theme.

Perhaps it’s time to start making inroads into my personal security again. The reason it hasn’t happened yet is because it’s hard, it’s boring and it can be pretty confusing to boot, but the alternative is harder and potentially actively damaging. In the mean time, though, I can definitely recommend giving the suggestions and ideas on Source a good read over:

A Guide to Practical Paranoia – Stephen Lovell (Source)
Why My Motto as a Security Journalist is “Assume Breach” – J. M. Porup (Source)

 

Drawing the UI for the IoT? There’s an App for that!

Forget UI design, let the user decide instead.

I absolutely love this concept from Marc Exposito which combines the best of IFTTT and augmented reality to allow you to quickly, simply and visually control Internet-of-Things enabled devices. I’ve yet to find any IoT gadgets that actually warrant a purchase (personally) but as the field expands and becomes more ubiquitous, apps such as Drawit will in turn become more and more powerful. These are the types of problems and subtle interactions that I can see the IoT, tablets, wearables etc. really embracing in the near future.