
Checked in at La Minerva. Pulpo! — with Jessica
I got a nice email from someone regarding my recent posts about performance on The Session. They said:
I hope this message finds you well. First and foremost, I want to express how impressed I am with the overall performance of https://thesession.org/. It’s a fantastic resource for music enthusiasts like me.
How nice! I responded, thanking them for the kind words.
They sent a follow-up clarification:
Awesome, anyway there was an issue in my message.
The line ‘It’s a fantastic resource for music enthusiasts like me.’ added by chatGPT and I didn’t notice.
I imagine this is what it feels like when you’re on a phone call with someone and towards the end of the call you hear a distinct flushing sound.
I wrote back and told them about Simon’s rule:
I will not publish anything that takes someone else longer to read than it took me to write.
That just feels so rude!
I think that’s a good rule.
The caching strategy for The Session that I wrote about is working a treat.
There are currently about 45,000 different tune settings on the site. One week after introducing the server-side caching, over 40,000 of those settings are already cached.
But even though it’s currently working well, I’m going to change the caching mechanism.
The eagle-eyed amongst you might have raised an eagle eyebrow when I described how the caching happens:
The first time anyone hits a tune page, the ABCs get converted to SVGs as usual. But now there’s one additional step. I grab the generated markup and send it as an Ajax payload to an endpoint on my server. That endpoint stores the sheetmusic as a file in a cache.
I knew when I came up with this plan that there was a flaw. The endpoint that receives the markup via Ajax is accepting data from the client. That data could be faked by a malicious actor.
Sure, I’m doing a whole bunch of checks and sanitisation on the server, but there’s always going to be a way of working around that. You can never trust data sent from the client. I was kind of relying on security through obscurity …except it wasn’t even that obscure because I blogged about it.
So I’m switching over to using a headless browser to extract the sheetmusic. You may recall that I wrote:
I could spin up a headless browser, run the JavaScript and take a snapshot. But that’s a bit beyond my backend programming skills.
That’s still true. So I’m outsourcing the work to Browserless.
There’s a reason I didn’t go with that solution to begin with. Like I said, over 40,000 tune settings have already been cached. If I had used the Browserless API to do that work, it would’ve been quite pricey. But now that the flood is over and there’s just a trickle of caching happening, Browserless is a reasonable option.
Anyway, that security hole has now been closed. Thank you to everyone who wrote in to let me know about it. Like I said, I was aware of it, but it was good to have it confirmed.
Funnily enough, the security lesson here is the same as my conclusion when talking about performance:
If that means shifting the work from the browser to the server, do it!
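The change described above, sketched as an added example (not code from The Session): the first handler caches markup supplied by the client, the second accepts only a setting id and derives the cached markup from data the server already holds. The names `settings`, `cache`, `renderOnServer`, `cacheFromClient` and `cacheFromServer` are hypothetical, the in-memory maps stand in for the database and the file cache, and `renderOnServer` is a placeholder for the headless-browser rendering step.

```javascript
// Added example: every name and value below is constructed for illustration.

// Server-side source of truth: setting id -> ABC notation (constructed sample).
const settings = new Map([
  [1, "X:1\nT:Sample Reel\nK:D\n|:d2fd adfd:|"],
]);
const cache = new Map(); // stands in for the on-disk sheet music cache

const escapeXml = (s) =>
  s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Placeholder for the server-controlled rendering step (a headless browser
// in the post). It only ever sees ABC that the server itself stored.
function renderOnServer(abc) {
  return `<svg xmlns="http://www.w3.org/2000/svg"><text>${escapeXml(abc)}</text></svg>`;
}

// BEFORE: the endpoint stores whatever markup the client sends.
function cacheFromClient(body) {
  cache.set(`v1:${body.id}`, body.markup); // content is chosen by the sender
  return { status: 200 };
}

// AFTER: the client may only name a setting; the content is derived server-side.
function cacheFromServer(body) {
  const id = Number(body.id);
  if (!Number.isInteger(id) || !settings.has(id)) return { status: 404 };
  // body.markup is deliberately ignored, so it can never reach the cache.
  cache.set(`v2:${id}`, renderOnServer(settings.get(id)));
  return { status: 200 };
}

// Constructed request whose markup is not what the stored ABC renders to.
const forged = { id: "1", markup: "<svg><!-- not rendered from the ABC --></svg>" };

function demo() {
  cacheFromClient(forged);
  cacheFromServer(forged);
  return {
    before: cache.get("v1:1") === forged.markup, // forged markup was cached
    after: cache.get("v2:1") === renderOnServer(settings.get(1)), // server output cached
    unknown: cacheFromServer({ id: "not-a-setting", markup: "x" }).status,
  };
}
```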
Go spelunking down the archives to find some lovely graphic design artefacts.
Reading The Women Of Troy by Pat Barker.
Reading The Water Knife by Paolo Bacigalupi.
I managed to get out and play in trad sessions for four days straight: Sunday, Monday, Tuesday, and Wednesday.
Today I rest. Or rather, I pack.
There won’t be any Irish music sessions in my calendar for at least the next two weeks. There won’t be much of anything in my calendar. I’m about to be incommunicado as I travel to Amerikay on the wide Atlantic ocean.
You might have seen that video that’s been doing the rounds about how cruise ships got so big. I’m not going on a cruise. I’m going on a crossing. That video ends with:
There are over 320 cruise ships sailing around the world right now. But there’s only one ocean liner left. The Queen Mary 2.
That’s going to be my mode of transportation and my home for the next week.
Then I’ll be in New York for a weekend, followed by most of a week lying on St. Augustine beach in Florida.
All of my sparklines are about to flatline for a while: no blog posts, no links, no notes. I won’t have any internet access on board the ship.
Time for me to switch off my work email. I thought about setting up an autoresponder to let people know that I won’t be replying to their email for a few weeks. But then I thought, how is that any different from how I normally respond to email?
I’ve been immersing myself in musical activities recently.
Two weeks ago I was in the studio with Salter Cane. In three days, we managed to record eleven(!) songs! Not bad. We recorded everything live, treating the vocals as guide vocals. We’ve still got some overdubbing to do but we’re very happy with the productivity.
Being in a recording studio for days is intense. It’s an all-consuming activity that leaves you drained. And it’s not just the playing that’s exhausting—listening can be surprisingly hard work.
For those three days, I was pretty much offline.
Then the week after that, I was in Belfast all week for the trad festival. I’ve written up a report over on The Session. It was excellent! But again, it was all-consuming. Classes in the morning and sessions for the rest of the day.
I didn’t post anything here in my journal for those two weeks. I didn’t read through my RSS subscriptions. I was quite offline.
I say “quite” offline, because the week after next I’m going to be really offline.
Remember when I took an ocean liner across the Atlantic four years ago? Well, to celebrate a milestone birthday for Jessica we’re going to do it again!
I’m really looking forward to it. And I feel like the recent musical immersions have been like training for the main event in the tournament of being completely cut off from the internet.
This rings true to me.
Checked in at The Bugle Inn. Sunday afternoon session 🎶🎻🎻🎶
Reading An Immense World by Ed Yong.
Setting up for the next three days in the studio with Salter Cane.
- No shared (and contextual) sense of purpose
- Overbuilding, or scaling too early
- Inability to make decisions and move forward quickly
- Lack of clear ownership and dedicated resources
- Lack of cultural alignment
The common thread among these issues is that none are related to technical or tooling decisions—or even to the components themselves.
Checked in at Dover Castle. Tuesday night session 🎶🎻 — with Jessica
Reading The Silence Of The Girls by Pat Barker.
On day 1 of your class about behaviour change in a science course, you learn that behaviour change is not a simple matter of information in, behaviour out. Human behaviour, and changing it, is big and complex.
Meanwhile, on your marketing courses, which I have had the misfortune to attend, the model of changing behaviour is pretty much this: information in, behaviour out.
Taken together, these flaws make LLMs look less like an information technology and more like a modern mechanisation of the psychic hotline.
Delegating your decision-making, ranking, assessment, strategising, analysis, or any other form of reasoning to a chatbot becomes the functional equivalent to phoning a psychic for advice.
Imagine Google or a major tech company trying to fix their search engine by adding a psychic hotline to their front page? That’s what they’re doing with Bard.
Reading That Old Country Music by Kevin Barry.
Quite a few people have been linking to this list on The Verge of what they consider the greatest tech books of all time.
To be clear, this is a fairly narrow definition of technology. It’s really a list of books about the history of computing. But there’s some great stuff in there.
I’ve been thinking about the books about computing and technology that I’ve managed to get around to reading, and which ones made an impact on me. Some of these made it on The Verge’s list too, which is nice to see.
I was blown away by the writing and the stories uncovered in “the untold story of the women who made the internet.” Here’s what I wrote when I read the book:
This book is pretty much the perfect mix. The topic is completely compelling—a history of women in computing. The stories are riveting—even when I thought I knew the history, this showed me how little I knew. And the voice of the book is pure poetry.
It’s not often that I read a book that I recommend wholeheartedly to everyone. I prefer to tailor my recommendations to individual situations. But in the case of Broad Band, I honestly think that anyone would enjoy it.
I read this one in 2020, not too long after it came out. In my end of year round-up, I described it like this:
A terrific memoir. It’s open and honest, and just snarky enough when it needs to be.
I read this in 2018, many years after it first came out. Here’s how it came across to me:
Lots of ’90s feels in this memoir. A lot of this still resonates today. It’s kind of fascinating to read it now with the knowledge of how this whole internet thing would end up going.
This book is mostly excellent. But as I wrote when I got my hands on an advance copy, the juxtaposition of memoir and manifesto didn’t work for me:
Abolish Silicon Valley is 80% memoir and 20% manifesto. I worry that the marketing isn’t making that clear. It would be a shame if this great book didn’t find its audience.
Okay, this isn’t technically about computing, it’s about the telegraph. But it’s got the word “internet” in the title, and it’s a terrific read. Here’s what I wrote when I put it in Matt’s book-vending machine:
A book about the history of telegraphy might not sound like the most riveting read, but The Victorian Internet is both fascinating and entertaining. Techno-utopianism, moral panic, entirely new ways of working, and a world that has been utterly transformed: the parallels between the telegraph and the internet are laid bare. In fact, this book made me realise that while the internet has been a great accelerator, the telegraph was one of the few instances where a technology could truly be described as “disruptive.”
When Jason linked to the list of books on The Verge he said:
I’m baffled that Tracy Kidder’s amazing The Soul of a New Machine didn’t make the top 5 or even 10.
I’m more surprised that this book is held in such high esteem. It has not aged well. I read it in 2019 and had this to say:
This is a well-regarded book amongst people whose opinion I value. It’s also a Pulitzer prize winner. Strange, then, that I found it so unengaging. The prose is certainly written with gusto, but it all seems so very superficial to me. No matter how you dress it up, it’s a chronicle of a bunch of guys—and oh, boy, are they guys—making a commercial computer. Testosterone and solder—not my cup of tea.