tantek.com


  1. using BBEdit

    CSF_02: Entropy Is Your Friend In Security

    Deliberate use of entropy, randomness, even changing routines can provide a layer of defense for cybersecurity.

    More Steps for Cybersecurity

    Here are three more steps (in addition to Three Steps for IndieWeb Cybersecurity) that you can take to add obstacles for any would-be attackers, and further secure your online presence.

    1. Different email address for each account, AKA email masking. Use or create a different email alias for each service you sign up for. With a single email inbox, like any username at Gmail, you can often append a plus sign (+) and a brief random string. If you use your own #indieweb domain for email addresses, pick a different name at that domain for each service, with a bit of entropy like a short number. Lastly, another option is to use an email masking service — try a web search for that phrase for options to check out. Each of these works to limit or at least slow down an attacker, because even if they gain control of one email alias or account, any “forgot password” (AKA password reset or account reset, or sometimes called recovery) attempts with that same email on other services won’t work, since each service only knows about an email address unique to it.
    2. Different password for each account. This is a well-known security technique against credential stuffing attacks. I.e. if someone retrieves your username and password from a data breach, or guesses them, or tricks (phishes) you into entering them for one service, they may try to “stuff” those “credentials” into other services. Using different passwords for all online services you use can thwart that attack. Note however that different passwords with the same email address will not stop an account reset attack, which is why this tip is second to email masking.
    3. Use a password manager to autofill. All modern browsers and many operating systems have built-in password managers, most of which also offer free sync services across devices. There is also third-party password manager software and third-party password manager services which are designed to work across devices, browsers, and operating systems. Regardless of which option you choose, always using a password manager to autofill your login username (or email) and password can be a very effective method of reducing the chances of being phished. Password managers will not autofill forms on fake phishing domains that are pretending to be a legitimate service. Password managers can also help with keeping track of unique email addresses and passwords for each service. Most will also auto-generate long and random (high entropy) passwords for you.
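    As an added illustration of the three steps above (example code written for this page, not code from the post), here is a small Python sketch: it mints a per-service email alias with a short random suffix, generates a long random password per service and reports its entropy in bits, and applies the origin rule a password manager relies on when deciding whether to autofill. The service names, the example.com domain, the look-alike host in the demo, and the strict exact-https-origin policy are all constructed assumptions for this example, not any particular product's behaviour.

```python
import math
import secrets
import string
from urllib.parse import urlsplit

# Step 1: one alias per service. The short random suffix is the "bit of entropy"
# the post mentions. "example.com" and the service names below are constructed
# placeholders for this example.
def make_alias(service: str, domain: str, digits: int = 4) -> str:
    suffix = "".join(secrets.choice(string.digits) for _ in range(digits))
    return f"{service}-{suffix}@{domain}"

# Steps 2 and 3: a long password drawn from the OS CSPRNG (secrets), which is what a
# password manager's generator does for you.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def make_password(length: int = 20) -> str:
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))

def password_entropy_bits(length: int, alphabet_size: int = len(PASSWORD_ALPHABET)) -> float:
    # Entropy of a uniformly random string of this length: length * log2(alphabet size).
    return length * math.log2(alphabet_size)

def build_vault(services, domain):
    # Each service gets its own (alias, password) pair, so neither a leaked alias nor a
    # leaked password can be replayed ("stuffed") against any of the other services.
    return {s: (make_alias(s, domain), make_password()) for s in services}

# Step 3: the autofill rule that defeats look-alike phishing hosts. Assumed policy for this
# example: fill only on https pages whose host exactly equals the saved origin's host.
def should_autofill(saved_origin: str, page_url: str) -> bool:
    saved, page = urlsplit(saved_origin), urlsplit(page_url)
    return (page.scheme == "https"
            and saved.scheme == "https"
            and saved.hostname is not None
            and saved.hostname == page.hostname)

if __name__ == "__main__":
    vault = build_vault(["shop", "bank", "social"], "example.com")
    for service, (alias, pw) in vault.items():
        print(f"{service:7} {alias:24} {pw}")
    print(f"{password_entropy_bits(20):.1f} bits of entropy per 20-character password")
    # Constructed demo: the saved site vs. a look-alike host with a hyphen instead of a dot.
    print(should_autofill("https://accounts.example.com", "https://accounts.example.com/login"))
    print(should_autofill("https://accounts.example.com", "https://accounts-example.com/login"))
```

    The entropy figure is why "long and random" matters: a 20-character password over a 94-symbol alphabet carries about 131 bits, far beyond what a breach-derived wordlist or credential-stuffing run can cover, and the exact-host comparison is the property that makes a manager quietly refuse to fill on a domain it has never seen.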

    I’ll close with a reminder that Perfect is the enemy of good. This post has been a draft for a while so I decided to publish it as a summary, rather than continuing to iterate on it. I’m sure others have written much longer posts. Similarly, even if you cannot take all these actions immediately everywhere, you can benefit by incrementally taking some of these steps on some accounts. Prioritize important accounts and take steps to increase their security.

    Previous post in this series: CSF_01: Three Steps for IndieWeb Cybersecurity

    Glossary

    Glossary for some terms, phrases, and further reading on each.

    credential stuffing
    https://en.wikipedia.org/wiki/Credential_stuffing
    data breach
    https://en.wikipedia.org/wiki/Data_breach
    entropy
    https://en.wikipedia.org/wiki/Entropy_(information_theory)
    password manager
    https://en.wikipedia.org/wiki/Password_manager
    phish, phished, phishes, phishing
    https://en.wikipedia.org/wiki/Phishing

    Syndicated to: IndieNews

  2. using BBEdit

    Welcome to the May 2025 edition of IndieWeb Movie Club! As your host for this month^1, I invite you to (re)watch the film “Tomorrowland” (https://movies.disney.com/tomorrowland), with an optional prequel book reading assignment! “Before Tomorrowland” (https://books.disney.com/book/before-tomorrowland/) was released about a month before the film, so it’s fine to read before watching.

    #Tomorrowland is available in various physical media formats, and via streaming on DisneyPlus^2. 130 minutes, rated PG.

    This month is the 10th anniversary of Tomorrowland’s release. The world was quite different in 2015. I had my own impressions of Tomorrowland when I first heard about it and then watched it much later (which I won’t link to yet to avoid spoilers or biasing your opinions). The film made such a strong impression on me that I held a group film viewing and discussion party in 2015! I’m curious how both first time viewers in 2025 and folks watching a second (or more) time think of Tomorrowland.

    If you would like to participate in this month’s IndieWeb Movie Club:
    * optional: read the prequel book
    * watch the film
    * blog a read^3 (for the book), watch^4, review^5, or even a simple note^6 post of your impressions, or some or all the above and link to this post

    If you want your post(s) to be included in the May 2025 IndieWeb Movie Club roundup, notify me with a Webmention^7 from your post, or drop a link in the IndieWeb chat discussion channel^8 and @-mention me.

    Since this is an IndieWeb community activity, please both follow the Code of Conduct^9, and also keep your post within the same rating (PG) as the movie. I may curate the roundup accordingly.

    Happy reading, watching, and dreaming!

    #TomorrowlandFilm #BeforeTomorrowland #IndieWeb #IndieWebMovieClub

    This is post 11 of #100PostsOfIndieWeb.
    #100Posts ← https://tantek.com/2025/077/t1/what-are-words-for-blogging → 🔮

    References:
    ^1 https://indieweb.org/IndieWeb_Movie_Club#2025
    ^2 https://www.disneyplus.com/en-gb/browse/entity-3355a91d-addb-4c66-91a6-136325e6ecf7
    ^3 https://indieweb.org/read
    ^4 https://indieweb.org/watch
    ^5 https://indieweb.org/review
    ^6 https://indieweb.org/note
    ^7 https://indieweb.org/Webmention
    ^8 https://indieweb.org/discuss#indieweb
    ^9 https://indieweb.org/code-of-conduct

  3. using BBEdit AB comment

    👍

  4. using BBEdit also on GH W3C security comment

    @github.com/simoneonofri wrote:
    > is there a specific reason why “safe” was used in this context and "security" in the ethical principles?

    I believe we used the term “safe” as in safety as inclusive of both privacy and security in the linked principle as you noted. Both of those (and potentially more) are aspects of user safety, which is the perspective we wanted to capture and express, the human’s perspective.

    From a copywriting and readability perspective, we tried very hard to keep those specific points as short and broadly understandable (without any jargon implications) as possible.

    Simone, if you find that answer satisfactory, please feel free to close this issue as completed. Thanks again for your diligent review and follow-up, appreciated.

  5. using BBEdit AB comment

    👍

  6. using BBEdit AB issue

    👍

  7. using BBEdit AB issue

    ❤️

  8. using BBEdit

    My Garmin watch did not sync activities with the Garmin Connect iOS app upon returning home from a week of travels. It did sync my steps from the day I landed, my sleep that night, and steps the following day. It just failed to pick up my running, hiking, and other activities logged when I was abroad.

    After a little searching and filtering out obvious tips (make sure Bluetooth is on and paired), I found the key steps and fixed it.

    How to get the Garmin Connect iOS app to sync Garmin watch activities that are seemingly being ignored:
    1. unpair watch from phone (iOS Settings > Bluetooth > (i) next to watchname > "Forget This Device")
    2. hard restart watch (e.g. hold down backlight button on a fenix 7S Pro to turn it off)
    3. restart Garmin Connect app (force quit and re-open)
    4. re-pair watch to phone
    5. wait a while for all the activities to sync

    It seemed to sync hikes and walks first, then runs, roughly in reverse chronological order. The syncing spinner indicator in Garmin Connect took a while and prematurely completed the progress circle ○, and kept “spinning” the arrows 🔁 inside the circle for many minutes.

    Note: having some idea how software is written and handles queues etc., I highly recommend fixing any syncing problems like this before recording another activity in your watch. There is a chance that the software bug(s) that caused the syncing problem in the first place may inadvertently only pick up the latest activity and make it even harder to recover or sync the previously unsynced activities.

    I had no luck with web searching, e.g. for
    * why is Garmin ios app not syncing recent activities from my Garmin watch
    and similar queries. All “AI Overview” results were useless.

    Only after going to https://support.garmin.com/ and entering my watch model name and number did I somehow find this article:
    * Garmin Connect App: Device Is Paired but Not Connecting to App: https://support.garmin.com/en-US/?faq=9BcXLSQ4A22gasLarkUvH6

    Which while not the exact problem I was having (my watch did connect, and sync two days of steps and one night of sleep), it felt close enough to be worth reading. Steps 3 and 4 in the article gave the key steps to try (though I split step 4 into two parts, and in the middle only restarted my watch, there was no reason to restart my phone).

    That article linked to another article on "How Do I Restart My Garmin Device?" which I also found useful: https://support.garmin.com/en-US/?faq=A6gOR1U2zDAFqmJVdap6k6

    Hopefully by blogging this, the next person that has a similar problem (my guess is the Garmin Connect Android app works similarly) can more quickly find this solution and key steps by searching the open web.

    #Garmin #watch #GarminWatch #sportsWatch #GarminConnect #troubleShooting #GarminTroubleShooting

  9. using BBEdit

    I’m happy to announce that something I and others have worked on very hard for the past few years has been published by the W3C Advisory Board (AB) and sent to the W3C Advisory Committee (AC) for a vote to make it official:

    Vision for W3C: https://www.w3.org/TR/2025/NOTE-w3c-vision-20250402/

    Official announcement: https://www.w3.org/news/2025/proposal-to-endorse-vision-for-w3c-as-a-w3c-statement/

    If your company is a W3C Member^1, please ask your Advisory Committee Representative^2 to vote to support publication of the Vision for W3C as an official W3C Statement: https://www.w3.org/wbs/33280/Vision2025/ (W3C Member-only link)

    Thank you for your support.

    #W3CVision #Vision #VisionForW3C #W3C (@w3c@w3c.social) #W3CAB (@ab@w3c.social)

    ^1 https://www.w3.org/membership/list/
    ^2 https://www.w3.org/Member/ACList (W3C Member-only link)

  10. using BBEdit

    “Tell me, what are words for?”

    They are for blogging!

    Earlier today during an informal espresso live stream in the #indieweb cafe, Spotify was playing an auto-generated daylist, something like “romantic 80s tuesday morning”, and the 1982 song “Words”^1 by the band Missing Persons came on. When we heard this lyric:

    🎶 What are words for when no one listens? 🎶

    I remarked half-jokingly in response: Words are for blogging, whether anyone is listening, reading, or not.

    Another participant noted that blogging sometimes feels like screaming into the void. I noted it doesn’t matter if anyone is reading (or listening), it’s fine to blog for an audience of one, yourself, even just to have something to refer to or reference in the future.

    When I write a post it’s often directed at only a small number of people, who may be part of a larger conversation. The point of publishing it publicly is to assert a level of confidence and credibility by the act of “putting it on the permanent record” (since nearly everything blogged is promptly indexed and archived) with a permalink.

    The lyrics have some quite prescient bits, like this:

    “No one notices, I think I'll dye my hair blue
    Media overload bombarding you with action
    It’s getting near impossible to cause distraction”

    Written and sung more than forty years ago. Long before the web (or #socialWeb) was a thing.

    Rewriting the lyrics as a parody could be a fun project, e.g.:

    🎶 What are blogs for when no one reads them? 🎶

    some existing lyrics barely need any edits, like:

    “It’s like the feeling at the end of the page
    When you realize you don't know what you just read”

    perhaps an exercise for the reader for now.

    Previously: “Inbox Zero” (parody of The Fixx “Saved by Zero”^2)
    * https://tantek.com/w/InboxZero (2009-01-29 https://tantek.com/twttr/status/1160324190)

    This is post 10 of #100PostsOfIndieWeb.
    #100Posts ← https://tantek.com/2025/055/t1/three-steps-indieweb-cybersecurity → https://tantek.com/2025/120/t1/indieweb-movie-club-tomorrowland

    Glossary
    blog
    https://indieweb.org/blog
    blogging
    https://indieweb.org/blogging
    permalink
    https://indieweb.org/permalink
    why blog
    https://indieweb.org/why_post

    References
    ^1 https://libre.fm/artist/Missing+Persons/track/Words (YouTube link inside)
    ^2 https://libre.fm/artist/The+Fixx/track/Saved+by+Zero (YouTube link inside)

  11. using BBEdit Manu

    ❤️

  12. using BBEdit zeldman.bsky.social @zeldman@front-end.social

    Thanks @zeldman.com (@zeldman.bsky.social @zeldman@front-end.social @zeldman) 🙏🏻 Appreciate your kind words, and same appreciation of your decades of dedicated work & words right back at you. I feel we’re all doing what we can to keep at least parts of the web a positive place to connect and collaborate. #indieweb These recent words of yours (tweeted 2024-11-26) struck a chord that resonated: “Our euphoria during the first 25 years of web design turns out to have significantly overestimated human intelligence, compassion, and decency.” Here’s to decades more work & words, perhaps with some acceptance of your observation, and shifting our designs to meet people where they are, enabling and encouraging them to be and do better.

  13. using BBEdit

    Something I wrote in the W3C Authentic Web Mini Workshop’s Zoom chat:

    Another implicit assumption (flaw) that is often a part of "purely technical solutions" is the neglect or ignorance (innocent naïveté) of existing technical solutions.

    A technical proposal should not be praised for what it claims to solve. A technical proposal must be evaluated by what marginal difference or advantage does it provide over existing technologies.

    Any technical proposal that ignores prior technologies is itself doomed to be ignored by the next technical proposal.

    In addition to the slide presentations (links to come) in the mini workshop and Zoom verbal discussion which was minuted (link to come), there was a lot of very interesting discussion in the Zoom chat, which was not minuted. Sometimes such quick back & forth can help inspire summarizing of points which one had not previously written down. I was encouraged by a fellow workshop participant to blog this one so here it is!

    #W3C #credweb #credibleWeb #authenticWeb #technology #technical #proposal #technicalProposal #history

  14. using BBEdit

    I just participated in the first W3C Authentic Web Mini Workshop^1 hosted by the Credible Web Community Group^2 (of which I’m a longtime member) and up front I noted that our very discussion itself needed to be careful about its own credibility, extra critical of any technologies discussed or assertions made, and initially identified two flaws to avoid on a meta level, having seen them occur many times in technical or standards discussions:

    1. Politician’s Syllogism — "Something must be done about this problem. Here is something, let's do it!"
    2. Solutions Looking For Problems — "I am interested in how tech X can solve problem Y"

    After some back and forth and arguments in the Zoom chat, I observed participants questioning speakers of arguments rather than the arguments themselves, so I had to identify a third fallacy to avoid:

    3. Ad Hominem — while obvious examples are name-calling (which is usually against codes of conduct), less obvious examples (witnessed in the meeting) include questioning a speaker’s education (or lack thereof) like what they have or have not read, or would benefit from reading.

    I am blogging these here both as a reminder (should you choose to participate in such discussions), and as a resource to cite in future discussions. We need to all develop expertise in recognizing these logical and methodological flaws & fallacies, and call them out when we see them, especially when used against others. We need to promptly prune these flawed methods of discussion, so we can focus on actual productive, relevant, and yes, credible discussions.

    #W3C #credweb #credibleWeb #authenticWeb #flaw #fallacy #fallacies #logicalFallacy #logicalFallacies

    Glossary

    Ad Hominem
    attacking an attribute of the person making an argument rather than the argument itself
    https://en.wikipedia.org/wiki/Ad_hominem

    Politician's syllogism
    https://en.wikipedia.org/wiki/Politician%27s_syllogism

    Solutions Looking For Problems (related: #solutionism, #solutioneering)
    Promoting a technology that either has not identified a real problem for it to solve, or actively pitching a specific technology to any problem that seems related.
    Wikipedia has no page on this but has two related pages:
    * https://en.wikipedia.org/wiki/Law_of_the_instrument
    * https://en.wikipedia.org/wiki/Technological_fix
    Wikipedia does have an essay on this specific to Wikipedia:
    * https://en.wikipedia.org/wiki/Wikipedia:Solutions_looking_for_a_problem
    Stack Exchange has a thread on "solution in search of a problem":
    * https://english.stackexchange.com/questions/250320/a-word-that-means-a-solution-in-search-of-a-problem
    Forbes has an illustrative anecdote:
    * https://www.forbes.com/sites/stephanieburns/2019/05/28/solution-looking-for-a-problem/

    References
    ^1 https://www.w3.org/events/workshops/2025/authentic-web-workshop/
    ^2 https://credweb.org/ and https://www.w3.org/community/credibility/

    Previously in 2019 I participated @misinfocon.com #MisinfoCon:
    * https://tantek.com/2019/296/t1/london-misinfocon-discuss-spectrum-recency
    * https://tantek.com/2019/296/t2/misinfocon-roundtable-spectrums-misinformation

  15. using BBEdit

    Ten years ago today I coined the shorthand “js;dr” for “JavaScript required; Didn’t Read”
    * https://tantek.com/2015/069/t1/js-dr-javascript-required-dead
    in reference to (primarily content) pages that were empty (or nearly so) without scripts.

    Since then js;dr found its way into a book: Page 88 of “Inclusive Design Patterns” by @heydonworks.com (@heydon@front-end.social)
    https://web.archive.org/web/20190405121448im_/https://pbs.twimg.com/media/Cv9bNjYW8AAHOac.jpg
    (Cropped photo of part of page 88 of Inclusive Design Patterns at an angle)
    https://web.archive.org/web/20190405121431/https://twitter.com/jkphl/status/792452368562618369

    and stickers!
    https://andrew.kvalhe.im/+gcs1iho7eqcknyiqxtjm5qadxi366ewu?x=.jpg
    (A hand holding about a dozen stickers with the “js;dr” in black on white text die-cut around the edges of the lettering)
    https://kvalhe.im/@andrew/103211689652698610

    At the time I made the claim that:

    “in 10 years nothing you built today that depends on JS for the content will be available, visible, or archived anywhere on the web.”

    I’ve seen and documented many such sites, built with a hard dependency on scripting, that end up dead and unarchived. Many of these have been documented on the IndieWeb’s js;dr page:
    * https://indieweb.org/js;dr

    I have to ask though: does anyone remember building a site 10 years ago (Internet Archive citation) with a Javascript library/framework dependency to display content, that still works today? E.g. using one of the popular libraries/frameworks used to build such sites back then like AngularJS (discontinued 2022), Backbone.js, Ember.js, or even React which was still quite new at the time.

    The one almost exception I found was Facebook, e.g. this Smashing Magazine post on Facebook barely renders some content and all commentary is missing, in the earliest (2019) version saved on the Internet Archive:
    * https://web.archive.org/web/20191123225253/https://www.facebook.com/smashmag/posts/10153198367332490
    You can extract the direct Facebook link if you want to try viewing it in the present.

    Regarding those libraries/frameworks themselves, I wrote:

    “All your fancy front-end-JS-required frameworks are dead to history, a mere evolutionary blip in web app development practices. Perhaps they provided interesting ephemeral prototypes, nothing more.”

    Of all those listed above, only React has grown since, likely at the expense of the others. However instead of fewer such libraries and frameworks today, it seems we have many more (though it feels like their average hypespan is getting shorter with each iteration).

    Since I wrote “js;dr”, the web has only become more fragile, with ever more dependencies on scripting just to display text content.

    The irony here is that Javascript, like XML, has draconian parsing rules. One syntax error and the whole script is thrown out. This means it’s far too easy for any such JS-dependent site to break, in one or more browsers, whenever browsers change, or Javascript changes, or both. You wouldn’t build a site today (or 20 years ago) that depends on fragile draconian XML parsing, so why build a site that depends on fragile draconian Javascript parsing?

    I’ll repeat my claim from ten years ago, slightly amended, and shortened:

    In 5 years nothing you (personally, not a publicly traded company) build today that depends on Javascript in the browser to display content will be available, visible, or archived anywhere on the web.

    There’s a lot more to unpack about what we’ve collectively lost in the past ten years of fragile scripting-dependent site-deaths, and why web developers are choosing to build more fragile websites than they did 10 or certainly 20 years ago.

    For now I’ll leave you with a few positive encouragements:

    Practice Progressive Enhancement. Build first and foremost with forgiving technologies, declarative technologies, and forward and backward compatible coding techniques. All content should be readable without scripting. Links, buttons, text fields, and any other interactive HTML elements should all work without scripting. Scripts are great for providing an enhanced user experience, or additional functionality such as offline support.

    Then make sure to test your pages and sites without scripts, to make sure they still work.

    If it's worth building on the web, it's worth building it robustly, and building it to last.
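    The post closes by asking you to test pages without scripts. Here is one way to automate that check, written as an added example for this page (it is not code from the post or from the IndieWeb js;dr page): a Python extractor that keeps only the text a browser shows with scripting off, discarding the contents of script and style elements, and flags a page as js;dr when almost no words survive. The two HTML documents embedded below are constructed samples, and the 20-word threshold is an assumed cut-off you would tune for your own site.

```python
from html.parser import HTMLParser


class NoScriptTextExtractor(HTMLParser):
    """Collect the text a reader or archive crawler gets with scripting disabled:
    everything except the contents of <script> and <style> elements."""

    SKIPPED = {"script", "style"}

    def __init__(self):
        super().__init__()
        self._skip_depth = 0
        self._chunks = []
        self.script_count = 0  # how many script elements the page depends on

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_count += 1
        if tag in self.SKIPPED:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIPPED and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        # html.parser hands script/style bodies to handle_data too, so the depth
        # counter is what keeps them out of the visible text.
        if not self._skip_depth:
            self._chunks.append(data)

    def text(self) -> str:
        return " ".join("".join(self._chunks).split())


def text_without_scripts(html: str) -> str:
    parser = NoScriptTextExtractor()
    parser.feed(html)
    parser.close()
    return parser.text()


def is_js_dr(html: str, min_words: int = 20) -> bool:
    """True when fewer than min_words words of content remain once scripts are ignored,
    i.e. the page is empty (or nearly so) for anyone who cannot or does not run its JS."""
    return len(text_without_scripts(html).split()) < min_words


# Constructed sample 1: a typical "app shell" whose only content arrives via a bundle.
JS_DR_PAGE = """<!doctype html><html><head><title>My App</title>
<script src="/static/bundle.js"></script></head>
<body><div id="root"></div>
<script>window.__STATE__ = {"posts": []};</script></body></html>"""

# Constructed sample 2: the same idea built with progressive enhancement, where the
# script (if it loads at all) only adds behaviour on top of readable HTML.
ROBUST_PAGE = """<!doctype html><html><head><title>My Post</title>
<script src="/enhance.js" defer></script></head>
<body><article><h1>Words are for blogging</h1>
<p>This paragraph is plain HTML. Every word of it is readable, indexable, and
archivable whether or not any script ever runs in the reader's browser.</p>
<p><a href="/archive">Browse the archive</a> works as a plain link; the script only
adds a keyboard shortcut on top of it.</p></article></body></html>"""

if __name__ == "__main__":
    for name, page in (("app shell", JS_DR_PAGE), ("progressive", ROBUST_PAGE)):
        words = len(text_without_scripts(page).split())
        print(f"{name:12} {words:3} words without scripts  js;dr={is_js_dr(page)}")
```

    Run it against the saved HTML of your own pages (for example the raw server response, before any browser has executed anything) and the word count tells you roughly what a crawler, an archive, or a reader with scripts blocked will actually get.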