Notes

A collection of thoughts, ideas and everything else that doesn't need a lot of words.

Post type: learned Content-Security-Policy and Base 64 Images

Not too long ago I started to add some additional security headers to the sites I build. I started doing this on my own site to explore new techniques, but then started to like the idea and a little extra security doesn't hurt.

A problem that I have run into: when you use base64-encoded images in your code and want to add a Content-Security-Policy (CSP), the img-src directive in the header needs a little extra instruction. It's not enough to declare 'self' or 'unsafe-inline'. Instead, for base64-encoded images, their "scheme" must be allowed.

data:image/png;base64,iVBORw0KGgoAAAANSUhEU…

The data: part in the above is called the scheme, which is similar to a better-known scheme like https:. Because the image uses this scheme, the scheme needs to be declared in the CSP. It's important to note that the colon needs to be included, otherwise it won't work.

img-src 'self' data:;

The reason for this little awkwardness is that it's otherwise difficult to distinguish between a 'data' scheme, and a host named 'data'. You can find some more details in the spec.
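The difference between the scheme `data:` and a host named `data` can be seen in a small matcher. This is an added example, not code from the original post or from any browser: it is a simplified model of how an img-src source list is evaluated, and the function names, the page origin and the sample image are constructed for illustration.

```javascript
// Added example (not from the original post): simplified img-src matching.
// Handles 'self', scheme-sources (data:), plain host-sources and '*' only;
// ports, paths, wildcard hosts and the default-src fallback are left out.
function sourceList(policy, directive) {
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null; // directive absent
}

function matches(source, url, pageOrigin) {
  const scheme = url.protocol.slice(0, -1);
  const isHttp = scheme === 'http' || scheme === 'https';
  // Quoted tokens are keywords; only 'self' is relevant to img-src here.
  if (source.startsWith("'")) {
    return source.toLowerCase() === "'self'" && url.origin === pageOrigin;
  }
  // A trailing colon with nothing after it marks a scheme-source.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return source.slice(0, -1).toLowerCase() === scheme;
  }
  // Everything else is a host-source, so a bare `data` means "host named data".
  // '*' covers network schemes only, not data:.
  if (source === '*') return isHttp;
  const host = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '').split('/')[0];
  return isHttp && host.toLowerCase() === url.hostname;
}

function imageAllowed(policy, imageUrl, pageOrigin) {
  const sources = sourceList(policy, 'img-src');
  if (sources === null) return true; // no img-src in this policy string
  const url = new URL(imageUrl, pageOrigin);
  return sources.some((s) => matches(s, url, pageOrigin));
}

// Constructed sample values.
const PAGE = 'https://example.test';
const INLINE_PNG = 'data:image/png;base64,iVBORw0KGgo=';
const policies = [
  "img-src 'self' 'unsafe-inline'",
  "img-src 'self' data",
  "img-src 'self' *",
  "img-src 'self' data:",
];
for (const p of policies) {
  console.log(p.padEnd(32), '->', imageAllowed(p, INLINE_PNG, PAGE));
}
```

Only the last policy lets the inline image through. Keeping `data:` scoped to img-src, as the post does, leaves the other directives as strict as they were.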

Post type: Note Petbarn Identity Redesigned

I'm a sucker for good design and besides some smart thinking and great execution, this article, or rather its illustrations, on the brand redesign for Petbarn made me smile a lot. (found via DenseDiscovery)

The website also shows the fun illustrations and just hovering over the navigation made me smile again :)

[Image: a screenshot of the navigation on petbarn.com.au, displaying a cute cat illustration next to the sub-navigation items of the cat section]

Post type: Note “Ethics” and Ethics and the Right Thing to Do

This rather long essay by Oliver Reichenstein looks at the meaning of “Ethics” and Ethics in our world of today. Why do we sometimes need to put it in quotes? What's the right thing to do, anyways?

There is a connection between good and beautiful. Theoretically, this brings to Plato’s ethics. It claims that beauty, justice, and goodness are connected. A strong point of view. Plato is considered to be an enemy of the senses. But if you study Platonic ethics – beauty, goodness, and justice – they’re one and the same idea, the highest idea. Designers have an affinity to see beauty, to see beauty in goodness, beauty in justice.

While this has been true for Plato and might still be for some, it hasn’t been part of the idea of capitalism, which bred greed, which more often than not turns into evil.

Read the full piece here: “Ethics” and Ethics

Post type: Note Faster Cursor Movement in Terminal

Sometimes when typing a long command or a commit message in Terminal, you might notice a typo, or want to add or change something. Very likely, you’d use the left-arrow key to move the cursor to the desired position, which sometimes can be a little tedious.

Luckily there’s an easier way: Option-click your Terminal prompt line at the position where you want to change or insert text. Your cursor will then blink right where you wanted it and you can start typing away.

Another way to speed things up is by using the option (alt) modifier key in combination with the arrow keys (⌥→, ⌥←), which lets you jump through the line word by word and is also a little quicker.

Post type: Note It’s Getting Dark Out There - A Thought on Dark Mode

At Colloq, we’ve recently been playing around with the dark mode preference, to give it a try and see how things turn out. After trying and using it for a while in Safari’s technology preview, I started to wonder:

Do I really want all websites to appear in a dark theme, just because I like my OS interface in dark mode?

I’m really not sure and I guess we’ll have to wait and see if there will be a way to define settings more granularly. Since this is quite a new thing, time will probably tell, but for today, this is just something that has been on my mind for a few days.

Post type: Note Inviting Conference Speakers

Some good tips on how to write good speaker invites and what information to include by Bruce Lawson. It’s generally about good and clear communication and while some things might be very clear for yourself, always assume the other party might not know all of it. It also helps to ease the effort, because no one wants to do research to understand an email.

How to invite a conference speaker

Post type: Note Resolving CSS Gridlock

The following article is a nice write up on the possibilities, difficulties and challenges that we might face with CSS Grid in production today. Discussing how we can possibly make the most out of it and learn the best ways to deal with incomplete support, Matthias offers a nice perspective on the topic and explains how prototyping can help us to better understand the limitations.

Dealing with incomplete support has always been one of the challenges of creating things on the Web.
[…]
To make the best use of it, we, therefore, need to learn how to play this new instrument and prototyping in code can be vital to explore the possibilities that CSS Grid offers.

Read the complete article on Matthias’ blog: Resolving CSS Gridlock

Post type: Note The Problem With Full Stack

There has been a lot of talk about HTML & CSS recently. It's easy! Both languages aren't getting the full recognition they deserve. Many times they are belittled, yet so difficult to truly master. This article by Heydon Pickering is spot on and hits home so many times. Recommended reading.

This is all to say that, if you put someone in charge of all of these things, it’s highly likely they are going to be much weaker in some areas than others (I’m identifying a trend here; there’s no need to comment with “but I can do all the things”, thank you). Worse: they’ll tend to have little interest in improving in areas with which they don’t identify or for which they aren’t rewarded. In my experience, men especially earn kudos for their knowledge of JavaScript, but little from CSS skills. CSS, which makes things look ‘pretty’, is considered feminine (don’t tell that to a peacock).

You can read the full article here: Reluctant Gatekeeping: The Problem With Full Stack

Post type: Note December

It’s the time of design & development advent calendars again. Hello December. This year went fast again. Since I recently decided to write more again, I was thinking to try to write something every day in December. Quite a challenge, but one can always try.

The start today, December 1st, didn’t go too well, since I’ve been out most of the day and when I remembered that I still wanted to write something, to my surprise my site was down :( Last night I initiated a server move for my hosting package so that I can finally have a better server and some new features. With that, obviously the IP address of the server had changed and I didn’t think of updating the DNS records on time… I have now updated the records and the site should be back up soon again, but this post didn’t make it on time for the 1st, or at least not on HK time for the 1st. Propagation seems to take some time today and I’m not sure if I want to wait for it. Either way, this and more posts will follow.

Happy December!

Post type: Note Deep Work & Scheduling Work Time

Today I had a long conversation with Anselm & Tobias about how to best schedule work time and get the most out of it to be most productive. Tobias has tried the Pomodoro technique for some time and it seems to work well for him. Anselm and I haven’t tried it yet, but are interested in doing so and, as we usually do if someone does one thing, asked a lot of questions to get the quick tl;dr version from the person in the know ;)

It made me think of Brad Frost’s approach of scheduling every minute of the day, which is also quite interesting and seems to work well for him. For Brad the Pomodoro technique didn’t stick. The only way to find out what will work for me is to try one and/or the other.

Even though scheduling every minute of the day sounds very intriguing, I think for now I do prefer the idea of Pomodoro, since it seems easier to accomplish and stick with.

One thing that came up today was how Pomodoro would (or could) apply to creative work. While for Tobias this is quite straightforward and should work the same way, I’m not sure if this can be applied to all different kinds of work. It for sure is possible to break creative work down into small pieces, but 25 minutes doesn’t seem enough to even get into a creative head space… But: It seems.

I guess the only good way to find out is to try, hence I will try to apply it from tomorrow on and see where it will take me.

How do you schedule your work/time to be most productive?

Post type: Note Semantic Components

I wrote a new article on Colloq where I explain how we solved an issue with our component semantics. It has proven to be a solid solution for us and allows for a lot of flexibility, without messing up semantics. Read the article on the Colloq blog and if you have come across similar issues, I’d be glad to hear your comments and ideas.

Post type: Note Productivity and Complexity on the Web

The recent “The Cult of the Complex” by @zeldman kept me thinking, just like this tweet by @dhh did. I also feel like there was a time where our work has been much more productive and efficient a few years ago. I keep wondering if there could be a correlation between our productivity and the increased complexity, mainly caused by the ways we work today. My initial thought was “No way, things are so much better than they used to be…!”, but no doubt, they’re also much more complex now.

So here’s the serious, and thought-provoking question: Has our work gotten so much more complex that this complexity might hinder us more than it helps?

What do you think? What’s your impression? Let me know your thoughts.

Post type: Note #cfpwomen

Today I came across a tweet by Gerard Sans, in which he announced a public list to help conference organisers find more women speakers. I'm all in for more diversity at conferences and think that this is a great effort and another step in the right direction to create a better community, improve diversity and build a more inclusive community. We need more of this!

Have a look at the list if you want to give a little more diversity to your event and find some great (woman) speakers: #cfpwomen - The List or you can register as a speaker here.

Post type: Note Better CfP Feedback

I have applied to a few conferences again this year and as usual, there are more rejections than acceptances. For obvious reasons it’s not great to get rejected, but I always try to learn more about the “why”. I usually always ask conference organizers for more details on the rejection and some feedback. Sometimes I don’t hear back, but other times I get really helpful, constructive feedback which allows me to improve for next time.

I’ve written about how to give better feedback on CfPs and what conference organizers can do to provide it on Colloq last week.

Post type: Note GDPR is Great. And Sucks.

Over the last weeks I have learned a lot about the new GDPR regulation and the changes that will come with it. For the most part, I think this is a great and very welcome change and I believe that it will also unveil a lot of the really bad practices that have happened behind the scenes. I’m definitely looking forward to May 25th and the time after. This is all great.

On the flipside, many things about this regulation aren’t very clear and leave a lot of room for interpretation. If you want to be on the safe side, you might have to make some big compromises and that might not leave you too excited. Especially for sites/companies/people who already try to collect as little data as possible and put ethics at the core of their products, a lot of things have to be added to privacy policies that can make everything sound much more scary to end users than it actually is. Getting Colloq GDPR-ready makes for a good example of this. Stay tuned for some more details on our GDPR experience.

Post type: Note GDPR and the Deadline Race

While we’ve been working through and signing quite a few DPAs with various services to get Colloq fully GDPR compliant, we’ve also come across some services where I’m a little surprised about their feedback, which in more than one case reads somewhat like this:

Thanks for the response! We currently don't have a DPA in place that we can provide as we're still working on this. We should have this all set and ready by May. If you have any other questions, feel free to ask!

The enforcement of the GDPR goes into effect on May 25th, 2018. That means everyone needs to be compliant by that date and in some cases getting compliant can be quite some work. The issue is that you have to wait for these services to be ready to start thinking about how to handle each and every case and what to do with those services.

The main problem here is timing: While some services take their time to be compliant by the effective date (or whichever date “ready by May” refers to…), only a small number of companies seem to actually care about their customers and how they also need to meet the deadline…

Post type: Note Take Your Stance

The recent interview of Tim Cook with Recode, which will air later this week, sounds very interesting and in it, Tim Cook takes a pretty clear stance:

Cook made that point again today: “The truth is, we could make a ton of money if we monetized our customer — if our customer was our product. We’ve elected not to do that.”

Swisher posed a question for Cook: What would he do if he were Facebook CEO Mark Zuckerberg? His answer: “I wouldn’t be in this situation.”

In today’s world, everyone has to decide who and where they want to be. The side Apple wants to be on makes me feel more positive about the future and will likely make me an even more loyal Apple customer, too. I hope that more and more people will join this side and that together, we can re-shape things for the better.

Post type: Note Instagram & Target Ads

I don’t use Instagram as much anymore as I used to, but sometimes when I post something, it “takes off” with a few more likes than usual. Once in a while I have a look at what happened, and the other day I clicked a link in a new follower’s profile to have a look at their shop and what they were selling. I found swimsuits and bikinis. Since then, I keep seeing ads from that shop on many sites I visit, again and again. Happy targeting. And such a waste of money. But most of all, not very targeted after all. I wish it would be something more useful that I liked.

Post type: Note Compressive Images

All of this isn’t to say we should never use compressive images—never is a word that rarely applies in my experience. But it does mean that we should be cautious.

Another very good post by Tim and I very much agree. As with everything, it really depends on when and where to use it. For some cases it might still be a good solution and I have to say I kinda like it. Mostly, and especially for displaying multiple images, you are probably better off with the newer techniques, but there's also no rule against combining the techniques that work best for you in each case.

https://timkadlec.com/remembers/2018-03-22-compressive-images-revisited/

Post type: Note Taking Responsibility for the Things You Build and Run

It’s easy to blame third parties and not take responsibility for incidents of any kind. The underlying problem is that it’s possible that it’s you yourself who allowed things to happen by design.

It’s you who designs your service. If you’re an engineer, it’s you who builds the API and the permission model which third-party gets access to which data. If you’re a designer, it’s you who designs the interface to ensure people understand what they’re doing when granting access. If you’re part of the company, it’s you who decides whether the service will work when users block Google Analytics or Crashlytics. It’s you who decides which data the service really needs. If we start with that in mind, it doesn’t matter if I’m working for someone else or myself. I know that I am responsible for what I work on.

Read the complete article by Anselm here.

Post type: Note How Fast Is Amp Really?

Some interesting points and observations on AMP from Tim Kadlec.

AMP’s restrictions mean less stuff. It’s a concession publishers are willing to make in exchange for the enhanced distribution Google provides, but that they hesitate to make for their canonical versions.

Sadly, in the end it's not really about improved performance, but wider reach paired with better performance. Otherwise it would be very easy: Less stuff, better performance.

https://timkadlec.com/remembers/2018-03-19-how-fast-is-amp-really/

Post type: Note Happy 29th

Today marks the 29th birthday of what started as “Information Management: A Proposal” and we now know as the Internet. I still remember the feeling when I first saw email and the web in 1998. Since then we’ve come a pretty incredible long way and that’s definitely worth a short post. w3.org/History/1989/proposal.html