Link archive: June 1st, 2018

Four short stories and what I learnt writing them (31 May., 2018, at Interconnected)

I’ve been enjoying the stories over on Upsideclown so it’s great to get a peak inside Matt’s writing brain here.

I also happen to really, really like his four stories:

  1. Moving House
  2. The search for another intelligence
  3. The Ursa Major Moving Group
  4. Volume Five

I wouldn’t say I’m great at writing fiction. I find it tough. It is the easiest thing in the world for me to pick holes in what I’ve written. So instead, as an exercise—and as some personal positive reinforcement—I want to remind myself what I learnt writing each one, and also what I like.

Let’s make the grimy architecture of the web visible again by Russell Davies

Beneath the URL shorteners, the web!

It’s increasingly apparent that a more digitally literate citizenry would be good for a thousand different reasons. A great way to start would be to make URLs visible again, to let people see the infrastructure they’re living in.

A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog

This is a great illustrated explanation of how DNS resolution works.

CSS Is So Overpowered It Can Deanonymize Facebook Users

First of all, don’t panic—this browser vulnerability has been fixed, so the headline is completely out of proportion to the reality. But my goodness, this was a clever technique!

The technique relies on luring users to a malicious site where the attacker embeds iframes to other sites. In their example, the two embedded iframes for one of Facebook’s social widgets, but other sites are also susceptible to this issue.

The attack consists of overlaying a huge stack of DIV layers with different blend modes on top of the iframe. These layers are all 1x1 pixel-sized, meaning they cover just one pixel of the iframe.

Habalov and Weißer say that depending on the time needed to render the entire stack of DIVs, an attacker can determine the color of that pixel shown on the user’s screen.

The researchers say that by gradually moving this DIV “scan” stack across the iframe, “it is possible to determine the iframe’s content.”