A Cup Of Matcha 11
I feel like I’ve had a productive week, but trying to finish existing projects has overlapped with fascinating new things that I don’t have time to look at yet. With a bit of luck one of those projects will have a release announcement just to the left of this very soon.
Identity management things first:
- Unlock 1Password with SSO using OpenID Connect 1Password’s SSO feature now works with generic OpenID Connect
- Email addresses are not primary user identities Problems with using email addresses as user names
- I still don’t really get “hash shucking” Hash “shucking” is new to me too
- eID Easy Offers an OAuth2 bridge to national ID services
- RFC 9399 RFC proposal for embedding logos and avatars in X.509 certificates!
- Safari allows to configure password autofilling Harm reduction I suppose
- Please don’t use GPT for Security Guidance The stochastic parrots don’t understand risk. Or anything really.
I’ve seen so many apparently good IAM products and protocols fail that I now tend to limit my enthusiasm for new things until people are actually using them. Verifiable Credentials seems to be passing over the line from neat idea to practical tool (I’m not counting any of their use by “crypto” and Web3 scams, for obvious reasons). The general idea is that rather than signing an entire assertion containing many attributes, attributes are signed individually and, confusingly, referred to as “credentials”, which to most of us means authentication values, not user data.
- Verifiable credentials Wikipedia’s summary
- OpenID for Verifiable Credentials Combining VCs with OpenID Connect seems viable
- verifiable credentials implementations I’m trying to avoid any library written for Web3
- Verifiable Credentials Data Model v1.1 This would all be nicer in XML you know
- vc A Ruby gem package for Verifiable Credentials but the source code has vanished
- Let’s (actually) Share Our Verifiable Credentials “A specification profile outlines the way in which multiple parties agree to implement a given set of specifications”
- UK digital identity and attributes trust framework UK Gov is trying the federated ID thing again, this time with OpenID Connect and VCs. The tech, however, was never the problem.
Shocking but not surprising news that naive web developers have implemented almost worst-case privacy leaks by using Facebook integration. Never integrate with Facebook if you value privacy. Management, however, need a serious kick up the arse - it’s understandable that young web developers make mistakes, but it’s not acceptable that NHS security audits missed this.
- NHS data breach: trusts shared patient details with Facebook without consent NHS should have caught this
- UK mental health charities handed sensitive data to Facebook for targeted ads but I’ve got a little more sympathy for charities missing it
I’m still very bad at sales and marketing
General web development and sysadmin things:
- jarbler Another way to pack Ruby into Java .jar packages
- Molly White Tracks Crypto Scams Molly White is doing a great job on this
- plane An open source alternative to Jira, etc.
- requests HTTP library for Go
- color-names Vast collection of colours, each named
- Database CI/CD More database version control and management
- Bootstrap 5.3.0 Another Bootstrap release!
- Error-Message Guidelines An often neglected aspect of UX
- Mastering CSS Blend Modes I keep meaning to use CSS blending for corny retro effects
- Web Share API A browser API for “Share” button functionality
- Pogo Elixir clusters itself easily, this manages processes across clusters
- Phoenix LiveView 0.19 released New LiveView - new Phoenix soon?
- Dynamic forms with LiveView Streams I want to try this out, have not had a chance yet
- Context maintainability & guidelines in Elixir & Phoenix Code organisation advice
- dys2p Linux file encryption report: make sure you use good passwords
- Why I left Rust and I Am No Longer Speaking at RustConf 2023 Rust community has some dysfunction going on recently
- RubyKaigi 2023 In Ruby, Matz is nice so everyone is nice (except DHH) - report from a recent conference
- Quick Tricks with the .iex.exs file Customising the Elixir REPL
- docbase Another open source document sharing app
- dittofeed A message-sending backend service. I’ve made something similar so I mean to poke at this one to see how they’ve managed it
- The HTTP QUERY Method A new HTTP method! QUERY improves over POST for searches
- Perspective Fancy, fast and interactive graphs
- Javet Embed Node.js into Java (I’m wondering if this can be combined with the jInterface Erlang feature I mentioned last week)
- orama Another “static” web search engine
- Private Beta Update & Roadmap Bluesky continues to improve, with some neat tech. Social problems tend to be the real challenge
- There’s a new Ubuntu Linux desktop on its way Read-only OS layers, like macOS’s, come to Ubuntu
- The Best Strategies to Slim Docker Images I’m a keen image-golfer but I’ve not tried some of these approaches
- Announcing WASIX POSIX for WASM! This could have massive implications. I’m still embarrassed by the word WASM though
- Why I prefer trunk-based development I’m open to this but it’s very context-driven
- Passenger 6 - Polyglot enterprise grade web app server I had no idea Passenger could glue any web apps into Apache now
- legitify Check the security and configuration of GitHub organisations
- Icon Horse Extract icons from websites
- awfice Absolutely tiny but (barely) functional office apps inside URLs
- wilding.radio Mix live sounds from rivers and woodland
- Flowers for Turing Fundraiser and tribute to Turing
- doom-teletext Playing Doom over Teletext