WonderCon 2018

It’s been ten years since we first went to WonderCon, back when it was still in San Francisco. At the time I thought it would be fun to come back, but maybe not every year. As it turns out, we’ve kept going back yearly, only missing one! It’s effectively replaced SDCC for us, between the difficulty in getting tickets and hotels and just how overwhelming the event can be, especially for a kid.

WonderCon has been held in Anaheim since 2012 (except for one year in LA), and this year’s event ran March 23-25. We mostly explored. None of us made it to any panels or signings, and the main floor has gotten big enough that it’s hard to see everything. There were costumes to wear, art to look at, toys to try out. The kiddo kept coming back to the fidget spinners and mystery boxes.

Cosplay

The kiddo wore his Minecraft Spider Jockey costume from Halloween. Katie repaired it and enhanced it, and it was a big hit. Everywhere we walked, we could catch people saying “Hey, Minecraft!” to each other. Lots of people wanted to take photos as well, though by mid-afternoon he was tired of it and declined a lot of them. I didn’t do anything complicated, though I did wear Steve’s outfit to go along with it.

Kid in a skeleton costume with a boxy head, wearing a cardboard-box spider as if the skeleton is riding it. And me dressed as Steve.

Katie brought back her Whitney Frost costume on Saturday. She got recognized a lot more this year than last. Did Agent Carter Season 2 hit Netflix between then and now? Has Madame Masque been more prominent in the comics? Then for Sunday she wore an alternate Kara Danvers (Supergirl) outfit that she’d intended to wear on the second day of Long Beach that we weren’t able to get to.

Purple dress, off-center 1940s hair, and a crack of darkness spidering its way down her face. Office shirt, glasses, and ice cream.

As for the general cosplay scene, there’s still a lot of DC, Marvel, Disney and Star Wars. And mash-ups. Lots of mash-ups. Samurai Spider-Man, Doctor Strange/r Things, Hogwarts of Westeros… Our full photo gallery is up on Flickr.

Hotel

After last year’s parking debacle (it took an hour to get from the convention center to the parking lot way out at Honda Center), and with a complex costume in mind, we decided to get a hotel this year. The cost was reasonable, especially compared to San Diego. Not only is WonderCon smaller than SDCC, but I suspect a larger percentage of attendees are local.

And let me tell you: it was worth it. We stayed at the Red Lion, right across Harbor. We were able to store the giant spider in the room, and take it to the con without dealing with a shuttle or walking for miles carrying the boxes. When J. got too tired to deal with the convention, I took him back to the hotel to hang out while Katie continued to explore. We could even put the kid to bed at something close to his usual bedtime!

Getting Around

Badges were mailed out ahead of time, but we still had to go to Registration on-site for the child badge (free with a paying adult, but you can’t pre-register kids). Fortunately, since we got there late in the afternoon on Friday, there was no line to speak of. And this time neither badge’s RFID state got messed up in the process!

They weren’t checking bags on the way in like Long Beach did last fall, just scanning badges and keeping an eye out like usual, so movement in and out of the con perimeter went smoothly. It was also cooler than we expected (and cooler than LBCC), which was good because of all the walking around, but a bit annoying because none of our costumes were really suited for jackets!

The yellow-sign judgmental religious protesters who’ve plagued these events for the last few years (the worst was probably the jerks harassing the line to get into LACC in 2016) never got closer than across the street as near as I could tell.

As far as food goes, I was kind of underwhelmed by the food trucks this year. The lines were just too long and the price too high for what you get. The convention center food was bland enough that J. actually refused to eat a hamburger. Oddly enough, IHOP has stepped up its game since I last went there.

Anyway, if you’re still reading this: thank you! I’m not sure who actually looks at personal con reports these days. I’m still writing them partly for completeness, partly to provide context for my photo gallery, and partly as something I can look back at for myself when I’m trying to remember, “hey, which year was it that X happened?”

Treat Passwords Like Driving: Separate Your Hazards.

The last time I set up a new computer, I was surprised to find that installing a password manager has become a critical part of getting the system ready to use.

It used to be that you could pick a few unique passwords for critical services like your primary email and banking sites, and reuse some passwords for less important sites, and maybe remember them all. But when so much of what we do happens online in so many places with so many different levels of security (and visibility), the attack surface is huge. Add in how many criminals and others are trying to break into those sites, and it’s no longer safe to reuse passwords.

Why?

If one site gets hacked, and you use the same password at another site, someone will try it just to see if it works.

The only way to protect against that is to use a different password on every site. And unless your online activity is very narrow, chances are you can only memorize a few of them. You can stretch it out with mnemonics like XKCD’s passphrase scheme, but eventually you’re going to have to record them somewhere. Putting them in a text file or spreadsheet is bad, because anything that gets onto your system can read it, whereas password managers are designed to encrypt them.

You still have to protect the master password on that file, but now you don’t need to worry that when someone finds your old MySpace password, they’ll start buying stuff on one of your shopping accounts, or hijack your Twitter as part of a harassment campaign, or use your email account to send malware to all your friends.

LastPass is a popular one. It’s cloud-based, which makes it convenient to use on multiple devices, but you do have to trust them. If you’d rather not trust your passwords to someone else’s computer, you can go with an offline manager like KeePass, which stores everything locally on your system in an encrypted file.

On Backdating Blog Posts

Most social networks don’t give you the ability to backdate your posts. That’s good, because it provides a trail that you can point to, saying “Yes, I did in fact post this before it became common knowledge/was plagiarized/etc.” But other publishing platforms do. It’s helpful for things like transferring an archive from another site — though it seems a little weird (and vaguely dishonest) to backdate a new post.

That said, I do backdate posts on this blog from time to time, generally when:

  • The post is imported from another site (Instagram, LiveJournal, a comment somewhere, a Twitter thread, etc.), and I keep the original posting date. Basically it’s a smaller scale version of transferring an archive. Sometimes I’ll make a note, sometimes I won’t.
  • I’m splitting an old post into two or more smaller posts, in which case I’ll usually keep the date but adjust one of the times.
  • I’ve got an old draft that I never got around to posting, it’s no longer relevant today, but I’d like to make it available in its original context. In that case I’ll add a note that it was backdated.

There’s also the accidental backdating that sometimes happens when I create a draft in the mobile app and it decides to keep the upload date as the posting date. I try to fix these as soon as I notice. But that’s not really the same thing!

Goodbye, Xmarks! (again)

I got an email from LastPass that they’re dropping Xmarks on May 1. Xmarks is a cross-browser bookmark sync service that I’ve used for a long time to keep Chrome, Firefox, IE, and Safari on multiple computers using the same set of bookmarks.

Once it’s gone I can still sync Firefox across devices, Chrome across devices, etc., but that doesn’t help with syncing Firefox, Chrome, etc. with each other.

That said, it’s been a bit flaky for a while:

  • Anytime I came back to a system without using it for a while, it would have trouble syncing and have to re-download everything.
  • Sometimes it gets confused by the different folder layouts.
  • Since Firefox dropped their old extension API, the new extension hasn’t worked well with my scheme that drops all cookies when I close the browser except those on sites I want to stay logged into.

Maybe someone will pick them up again, like when they planned to close down in 2010 but LastPass bought them and took it freemium. On the other hand, I’m not sure I would trust someone who wanted to buy them now. Maybe I should pull my data early.

Whatever the case: If you sync bookmarks across different browsers, what do you use? Would you recommend it?

Alternate Sharing Buttons (Now with Less Tracking!)

I’ve been trying out some alternate sharing buttons that don’t talk to Facebook, Twitter, etc. — or to a third-party button provider like ShareThis — until you actually click on the button. Facebook can track you across the internet when sites include the standard “Like” button hosted on their services. Same with Google and the +1. Even WordPress’ Jetpack buttons will call out to Facebook and Pinterest to display the share count. I want to reduce my contribution to ubiquitous tracking.*

Sharingbuttons.io is totally self-contained and doesn’t even use any JavaScript. You use their site to generate a set of buttons for a particular page, then copy the HTML and CSS to your site. Downsides: The HTML includes embedded SVG that has to be repeated on every page, and your page title and URL are repeated in each button within the page. I used this set on the old Alternative Browser Alliance site, replacing ShareThis. It’s only around five pages, so it was faster to repeat the generator five times than write a tool to template it.

Share42 uses locally-hosted JavaScript to avoid repeating the title and URL on every button, and a single image sprite generated from the set of buttons that you choose. You copy both files to your own site, so that it doesn’t contact a third-party server just by appearing. This also made it simpler to add to WordPress, because I only need to add an easily-templateable stub and enqueue a local script. So I put it on Speed Force, replacing Jetpack’s sharing module. I may put it on the old Flash reference site (which used to have ShareThis on it) if it seems like it’s worth it.
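An added example, not part of the original post or of either project: a small Python audit that sorts the third-party hosts in a page's markup into those contacted just by viewing the page and those contacted only after a click. The sample markup and the `.example` hosts are constructed, and the tag list is an assumption about what counts as "loads on view".

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute is fetched as soon as the page renders.
AUTOLOAD = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
            "source": "src", "video": "src", "audio": "src", "object": "data"}
# <link rel=...> values that make the browser contact the href on load.
LINK_RELS = {"stylesheet", "preload", "prefetch", "preconnect", "dns-prefetch", "icon"}

class ShareAudit(HTMLParser):
    """Collects third-party hosts; any host other than the page's own counts."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.on_load, self.on_click = set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in AUTOLOAD:
            url, bucket = a.get(AUTOLOAD[tag]), self.on_load
        elif tag == "link" and LINK_RELS & set((a.get("rel") or "").lower().split()):
            url, bucket = a.get("href"), self.on_load
        elif tag == "a":
            url, bucket = a.get("href"), self.on_click
        else:
            return
        # Resolve relative and protocol-relative URLs against the page first.
        host = urlparse(urljoin(self.page_url, url or "")).hostname
        if host and host != self.own_host:
            bucket.add(host)

def audit(html, page_url):
    """Return (hosts contacted on view, hosts contacted only on click)."""
    parser = ShareAudit(page_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.on_load), sorted(parser.on_click)

# Constructed sample markup; the .example hosts are placeholders.
PAGE = "https://blog.example/post/"
WIDGET = '''<script src="https://widgets.social.example/like.js"></script>
<img src="//count.social.example/n.gif?u=https://blog.example/post/">'''
SELF_HOSTED = '''<link rel="stylesheet" href="/css/share.css">
<script src="/js/share.js"></script>
<a href="https://social.example/share?u=https%3A%2F%2Fblog.example%2Fpost%2F"><svg></svg></a>'''

if __name__ == "__main__":
    for name, markup in (("widget", WIDGET), ("self-hosted", SELF_HOSTED)):
        print(name, audit(markup, PAGE))
```

This only reads static markup, so it will not see requests that a script makes after it loads (share counts, for example); the browser's network panel is the check for those.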

These are both topic-based projects. For my personal blog here, I’ve decided to just drop the share buttons entirely. I’m not sure how useful they are these days, anyway, especially on mobile, where sharing to an app is built into the system.

*Yes, I said reduce, not eliminate. I’m still using WordPress stats, for instance, though I’m phasing out Google Analytics on my personal sites, and of course anywhere you actually embed content from another site, the remote site can potentially track your visitors.