Category Archives: Highlights

Treat Passwords Like Driving: Separate Your Hazards.

The last time I set up a new computer, I was surprised to find that installing a password manager has become a critical part of getting the system ready to use.

It used to be that you could pick a few unique passwords for critical services like your primary email and banking sites, and reuse some passwords for less important sites, and maybe remember them all. But when so much of what we do happens online in so many places with so many different levels of security (and visibility), the attack surface is huge. Add in how many criminals and others are trying to break into those sites, and it’s no longer safe to reuse passwords.

Why?

If one site gets hacked, and you use the same password at another site, someone will try it just to see if it works.

The only way to protect against that is to use a different password on every site. And unless your online activity is very narrow, chances are you can only memorize a few of them. You can stretch it out with mnemonics like XKCD’s passphrase scheme, but eventually you’re going to have to record them somewhere. Putting it in a text file or spreadsheet is bad, because anything that gets onto your system can read it, but password managers are designed to encrypt them.

You still have to protect the master password on that file, but now you don’t need to worry that when someone finds your old MySpace password, they’ll start buying stuff on one of your shopping accounts, or hijack your Twitter as part of a harassment campaign, or use your email account to send malware to all your friends.

LastPass is a popular one. It’s cloud-based, which makes it convenient to use on multiple devices, but you do have to trust them. If you’d rather not trust your passwords to someone else’s computer, you can go with an offline manager like KeePass, which stores everything locally on your system in an encrypted file.

Alternate Sharing Buttons (Now with Less Tracking!)

I’ve been trying out some alternate sharing buttons that don’t talk to Facebook, Twitter, etc. — or to a third-party button provider like ShareThis — until you actually click on the button. Facebook can track you across the internet when sites include the standard “Like” button hosted on their services. Same with Google and the +1. Even WordPress’ Jetpack buttons will call out to Facebook and Pinterest to display the share count. I want to reduce my contribution to ubiquitous tracking.*

Sharingbuttons.io is totally self-contained and doesn’t even use any JavaScript. You use their site to generate a set of buttons for a particular page, then copy the HTML and CSS to your site. Downsides: The HTML includes embedded SVG that has to be repeated on every page, and your page title and URL are repeated in each button within the page. I used this set on the old Alternative Browser Alliance site, replacing ShareThis. It’s only around five pages, so it was faster to repeat the generator five times than write a tool to template it.

Share42 uses locally-hosted JavaScript to avoid repeating the title and URL on every button, and a single image sprite generated from the set of buttons that you choose. You copy both files to your own site, so that it doesn’t contact a third-party server just by appearing. This also made it simpler to add to WordPress, because I only need to add an easily-templateable stub and enqueue a local script. So I put it on Speed Force, replacing Jetpack’s sharing module. I may put it on the old Flash reference site (which used to have ShareThis on it) if it seems like it’s worth it.

These are both topic-based projects. For my personal blog here, I’ve decided to just drop the share buttons entirely. I’m not sure how useful they are these days, anyway, especially on mobile, where sharing to an app is built into the system.

*Yes, I said reduce, not eliminate. I’m still using WordPress stats, for instance, though I’m phasing out Google Analytics on my personal sites, and of course anywhere you actually embed content from another site, the remote site can potentially track your visitors.

Flickr vs. Instagram / Who’s in Control?

Social media is a mess these days. Most of us follow too many people and organizations to keep up, so we need some way of narrowing it down…but the tools are typically built into each service, which has different priorities about what it wants you to see than you do. As they say, if you’re not paying, you’re the product.

I realized this is why I still prefer Flickr to Instagram: I’m still in control when I browse Flickr. With Instagram, the best I can do is pick from one firehose or another. Flickr has its issues, but I can find stuff there, and the timeline isn’t re-ordered to suit someone else’s priorities.

Ironically, I post more often on Instagram than on Flickr. Because I like Flickr more, I feel like I should take my time & curate my photos better. But I also end up posting many at a time on Flickr, and single photos on Instagram. I don’t feel like I’m spamming if I post twenty pictures to Flickr, but I do if I post that many* to Instagram.

I mentioned this on Mastodon, and my brother remarked that Flickr feels more like “adding to a collection,” while other sites are more “shoveling things at my friends/followers.” That’s true of most social networks: Facebook, Twitter, Instagram, even Mastodon are all about now. Going back to look at someone’s history feels like an accident. Or stalking.

On Facebook, it would be really weird to go through someone’s old posts and comment on them. On Flickr, that’s totally normal. If Twitter is like shouting into the void, hoping someone will hear you, Flickr is like building a gallery and hoping someone will visit. When someone finally does,** they’ll see it, and look around. But that scream on Twitter is already fading on the wind.

Especially if Twitter thinks your friends would be more interested in seeing a sponsored post instead.

*Instagram does let you post multi-photo stacks, but the stack only ever appears as a unit. Only the cover photo appears in timelines or searches, and the whole stack shares one description and one set of tags. Flickr lets you group photos into albums however you want, and people (including you) can find any individual photo and go from there to the rest of the album.

**Not that Flickr isn’t subject to the siren call of now either, but the long tail still exists there.

Star Wars: The Last Jedi Thoughts – It’s Complicated.

I’ve seen The Last Jedi twice now. I’m still not sure how I’d rank it, but the performances are way better than most of the prequel trilogy, and the story is the first theatrical Star Wars to break new ground in ages.

I’ll admit there’s a lot of stuff that happened that I didn’t like, but it made sense within the story context, and it was done in an interesting way. And there was a lot of cool stuff too…including a ton of blink-and-you’ll-miss-it details that I missed the first time through.

What do you mean, “Like?”

I learned years ago that “stuff happened that I didn’t like” and “it was badly made” are two separate comments on a movie, TV show, book, or other work of art.

Do I like the reason Luke left? No, but it makes sense. (A lot more sense than him joining the Dark Side with a resurrected clone of Darth Sidious, TBH.) When you think about it, it’s probably the best explanation they could have come up with for why Luke would decide that he’s part of the problem and remove himself from the galactic stage. It would have to be something majorly traumatic that he would blame himself for.

Do I like that the Resistance command don’t trust each other enough to share plans? No, but again it makes sense under the circumstances, and it feeds into the themes.

Structure and Hope

The Last Jedi feels different from the other Star Wars films. It’s a lot of separate threads that seem mostly unconnected but come together toward the end into a clear picture. Rey’s journey is critical, as is Kylo Ren’s, as is the link between their journeys. Luke’s reasons for being on the island, and his triumphant return, are tied deeply into the plight of the Resistance as it battles the loss of hope, which we see in the slow attrition of the fleet chase, the breakdown of trust within command, and finally the point where they’re reduced to one small band making what could well be a last stand.

And the trip to Canto Bight? For all the whining about it, I think it’s thematically more important than the chase. It shows people taking advantage of both sides of the conflict, and it shows ordinary civilians being oppressed…and that epilogue.

The First Order does everything they can to snuff out that spark of hope, and almost succeeds…but it flares again. We see it with Luke, and with Rey, but their actions only preserve what’s left. It still feels like a hollow victory until we see the epilogue and realize that the spark has taken hold, and is growing again — and that’s inspired as much by one kid’s encounter with Finn and Rose as the legend of Luke Skywalker.

Take out Canto Bight and you take out the epilogue. Take out the epilogue and you’re left with an unremittingly bleak story. Bleaker than Revenge of the Sith…but only* because we already knew where RoTS had to go.

Uncharted Regions

This is the first time since 1983 that there’s been real uncertainty about the future in a Star Wars movie. We didn’t know where The Empire Strikes Back was going, or Return of the Jedi. The prequel trilogy had a lot of surprises along the way, but we knew it would end with Anakin turning to the dark side and helping wipe out the Jedi, Palpatine becoming the Emperor, and the Republic becoming the Empire. I loved Rogue One, but again, we knew what it was building up to. And The Force Awakens was too focused on bringing fans back into the fold with familiarity to break new ground.

The Expanded Universe quickly set up a new status quo and told episodic stories within that setting. Some changes would stick over time, but you knew at the end of the day Leia was rebuilding the Republic, Luke was rebuilding the Jedi, and so on. Eventually they broke out of it and started making big changes with New Jedi Order, and subsequent stories that moved toward the more distant future of Legacy, but it was only a secondary canon, blessed but less official than the movies.

Now? We have no idea what might happen next. We can hope that the First Order will be defeated, because that’s the kind of story Star Wars is, but we have no idea what the cost will be, or who will make it through to the end, who might redeem themselves or turn to darkness.

And I have to wonder if that’s part of the backlash: Star Wars has been a familiar place for decades, and now that certainty is gone.

Cool stuff

So, some of those great details that I didn’t notice the first time through:

  • When Leia floats through the ruined bridge, she passes through the hologram of Snokes’ flagship, disrupting it just like Holdo’s hyperspace maneuver does later in the movie.
  • After Luke’s projection is finished, he sees two suns and the Force theme swells. The first time through I was so caught up in worry about Leia (tied up with Carrie Fisher’s death) that I didn’t quite notice. The second time through, I knew what was happening with her, but I just lost it at this moment.
  • The kid with the Resistance ring at the end doesn’t grab his broom and lift it – the broom moves to his hand.

*Well, that and Lucas didn’t manage to convey as much emotional heart in the prequels as he did in ANH or the other directors did w/ Empire & Jedi. They all felt slightly detached. And I’ve seen the actors in enough other movies to know it wasn’t their fault.