A much quieter week, which is possibly the wrong way round as I’m now on holiday for a week. So trading a week where I mostly talked to people at work for a week where I won’t talk to people at work at all is only really going to work if I remember to talk to other people instead. Whereas if I’d talked to other people this week as well then I’d be all set for a week on my own ignoring the world completely.
The world deserves to be ignored, and not just the Matt Hancock bit who is still obsessed with mobile apps. Also, his quoted line “to reassert, as much as is safely possible, the liberty of us all” will do wonders for reminding politicians why they employ speechwriters.
Bored, I started to reverse my trend from a while ago of stacking books horizontally. I honestly don’t care about what it does to the spines (except for a very few volumes), but it’s just damn inconvenient to get them out when you want one.
I’ve done a back of the envelope calculation that I need another eleven shelves to take up the extra books that were previously better filling the available vertical space.
Fortunately I have space for more bookcases after clearing out a load of old boxes and storage bits and pieces back in week 4.
Made an approximation to carbonara today, amazingly for the first time. I now have a much better idea of how to do it next time, and yet another reminder of one problem with recipe books, specifically the one about onions.
If you generate URLs in your site that contain personal data (say an email address in an auto-login or confirmation link – although please don’t do that) then at least set
Referrer-Policy
to no higher thanorigin-when-cross-origin
(you can also do it viameta
). The default will leak personal data to the servers containing third party resources you load, such as Javascript libraries, even if they do nothing with it. Worse, security researchers will accuse you of sending data to Google, and no one wants that.This doesn’t seem to prevent cross-origin loaded Javascript from reading
document.referrer
, although it really should do.Chrome 84 will change the default, due July 2020. Firefox you can change the default policy in config.
Or use Content-Security-Policy to prevent anything cross-domain from loading in the first place.
It’s May. Just in case you’d lost track.
Stay safe.