MTA-STS is Stupid

I recently took a trip to the Yukon (and two days in Alaska) with my partner Elaine. The trip was mostly hiking focused and generally enjoying the nature. We took almost two weeks which was a good amount of time for us. Enough to not rush and soak in a lot of nature but not so long that our legs really started hurting and we started missing the...

CORS, and the browser’s same-origin policy are often misunderstood. I’m going to explain what they are and what you need to do to stop worrying about them.Note: I’m going to talk about CORS and the same-origin policy as one thing and use the terms mostly interchangeably. This is because they are basically one system, they work together to decide...

I like SemVer. However, there is one important use case that I wish it supported better. This is what I’ll call “rolling deprecation”.The idea is simply that instead of removing APIs in a single compatibility-breaking version, you first deprecate an API in one version, then remove it in a later version. This gives time to migrate off of the...

Many widespread internet protocols were written at a time when internet security wasn’t much of a consideration. From things like lack of From address verification in email to NTP reflection there are lots of protocols that are now considered badly designed. When they were authored there was a lot of implicit trust (For example because there were...

A seemingly-obvious feature that I haven’t seen in any instant messenger yet. I want to be able to share a timestamp in a way that can be computer-understood and presented to the user with a good UX.For example, I want to say:Let’s have a call about this at 11:30.But that “11:30” is actually a rich object that encodes an exact timestamp. If your...