Private Internet

SMTP MTA Strict Transport Security has to be one of the most confused RFCs ever published. The goal is to allow SMTP receivers to inform senders that fully validated TLS should be used. I implemented it for my domain years ago but didn’t think too much of it. But now I am going to implement it for FeedMail and am realizing how poorly designed it...

I recently took a trip to the Yukon (and two days in Alaska) with my partner Elaine. The trip was mostly hiking focused and generally enjoying the nature. We took almost two weeks which was a good amount of time for us. Enough to not rush and soak in a lot of nature but not so long that our legs really started hurting and we started missing the...

CORS, and the browser’s same-origin policy are often misunderstood. I’m going to explain what they are and what you need to do to stop worrying about them.Note: I’m going to talk about CORS and the same-origin policy as one thing and use the terms mostly interchangeably. This is because they are basically one system, they work together to decide...

I like SemVer. However, there is one important use case that I wish it supported better. This is what I’ll call “rolling deprecation”.The idea is simply that instead of removing APIs in a single compatibility-breaking version, you first deprecate an API in one version, then remove it in a later version. This gives time to migrate off of the...

A seemingly-obvious feature that I haven’t seen in any instant messenger yet. I want to be able to share a timestamp in a way that can be computer-understood and presented to the user with a good UX.For example, I want to say:Let’s have a call about this at 11:30.But that “11:30” is actually a rich object that encodes an exact timestamp. If your...