Ran my 13th Bay to Breakers race in 1:55:31 today! 4min+ faster than last year.

Once again the Midnight Runners crew cheered runners in Hayes Valley at the park a couple of blocks before the hill.

Felt better than I did last year, more able to sustain a moderate pace.

One quick pitstop in Golden Gate Park, and then picked up the pace to finish with a negative split and well under 2 hours. This time I made sure to keep running until I was well past the last timing strip.

Other than the Midnight Runners cheer gang, this year I did not see anyone I knew the whole race. Bus + BART + jog to the start. Howard street up to Hayes hill, then by the Panhandle and through Golden Gate park to the finish.

I did spot a neighbor after the finish and we caught up on the walk to the N-Judah light rail. Seeing the long line I decided to easy run backwards along the race course to see the costumes and a few human carried floats.

Caught the Midnight Runners crew on the Conservatory of Flowers steps and hiked back to the Panhandle together. After catching up with a few friends I went home to shower and eat before heading back to the Panhandle.

In contrast to last year, last Friday I only did a short shakeout run — no evening run and staying out late with Midnight Runners. Saturday SFRC was about the same distance.

Similar to last year I took a bus to Van Ness, then jogged to the Civic Center station and took BART to Embarcadero. It seems that’s the only reliable transit option, no matter what any mapping application (Apple Maps, Google Maps, or Routesy) claims about bus or lightrail times or routes (they were all wrong, yet again, just like last year).

Despite not seeing any friends running the race, feeling both stronger and more confident in my training was enough to boost my mood for the duration. I was grateful to be out there running on a beautiful day.

Last year: https://tantek.com/2024/150/t1/ran-baytobreakers

#SanFrancisco #run #runner #race #roadRace #B2B #Bay2Breakers #BayToBreakers

Running For Re-election in the 2025 W3C Advisory Board (AB) Election

Tantek Çelik is nominated by Mozilla Foundation.
Nomination statement from Tantek Çelik:

Hi, I'm Tantek Çelik and I'm running for the W3C Advisory Board (AB) to build on the momentum the AB has built with transitioning W3C to a community-led and values-driven organization. I have been participating in and contributing to W3C groups and specifications for over 25 years.

I am Mozilla’s Advisory Committee (AC) representative and previously served on the AB for several terms, starting in 2013, with a two year break before returning in 2020. In early years I drove the movement to shift W3C to more open licenses for specifications, and more responsiveness to the needs of open source communities and independent website publishers.

Most recently on the AB I led the AB’s Priority Project for a W3C Vision as contributor and editor, taking it through wide review, and consensus at the AB to a vote by the AC to adopt the Vision as an official W3C Statement.

Previously I also co-chaired the W3C Social Web Working Group that produced several widely interoperably deployed Social Web Standards. Mastodon and other open source software projects built a social network on ActivityPub and other social web specs which now require maintenance from implementation experience. As such, I have participated in the Social Web Incubator Community Group and helped draft a new charter to restart the Social Web Working Group and maintain these widely adopted specifications.

With several members stepping down, the AB is experiencing much higher than usual turnover in this election.

I am running for re-election to both help with continuity, on the Vision project and other efforts, and work with new and continuing Advisory Board members to build a fresh, forward looking focus for the AB.

I believe governance of W3C, and advising thereof, is most effectively done by those who have the experience of actively collaborating in working groups producing interoperable specifications, and especially those who directly create on the web using W3C standards. This direct connection to the actual work of the web is essential to prioritizing the purpose & scope of governance of that work.

Beyond effective governance, the AB has played the more crucial role of a member-driven change agent for W3C. While the Board and Team focus on the operations of keeping the W3C legal entity running smoothly, the AB has been and should continue to be where Members go to both fix problems and drive forward-looking improvements in W3C to better fulfill our Vision and Mission.

I have Mozilla's financial support to spend my time pursuing these goals, and ask for your support to build the broad consensus required to achieve them.

I post on my personal site tantek.com. You may follow my posts there or from Mastodon: @tantek.com@tantek.com

If you have any questions or want to chat about the W3C Advisory Board, Values, Vision, or anything else W3C related, please reach out by email: tantek at mozilla.com. Thank you for your consideration.

Addendum: More Candidates Blogged Nomination Statements

Several other candidates (all new candidates) have also blogged their nomination statements, on their personal websites, naturally. This is the first AB election I know of where more than one candidate blogged their nomination statement. Ordered earliest published first:

And one more candidate blogged about why he is running:

Daniel Appelquist: Why am I running for W3C Advisory Board?

Last Friday I published my second Cybersecurity Friday post with three more key steps for cybersecurity. In summary:

1. Different email address for each account, AKA email masking. Use or create a different email alias for each service you sign-up for.
2. Different password for each account. This is a well known security technique against credential stuffing attacks.
3. Use a password manager to autofill. Always using a password manager to autofill your login username (or email) and password can be a very effective method of reducing the chances of being phished.

Full post with details: https://tantek.com/2025/122/b1/more-steps-indieweb-cybersecurity

#CyberSecurity Friday #cyber #security

Previously: https://tantek.com/2025/055/t1/three-steps-indieweb-cybersecurity

↳ In reply to issue 12 of GitHub project “authentic-web-workshop” Additional suggested pre-read for workshop participants, given the primary topic of this meeting:

* "C2PA Is Not Going To Fix Our Misinformation Problem" (https://lowentropy.net/posts/c2pa/) by Martin Thomson (@lowentropy.net @github.com/martinthomson)

I have a conflict for most of the duration of this mini-workshop instance.

The time of this second instance is also the same as the first, which is exceptionally unfriendly to participants in Asia and Oceania, such as the author of the above pre-read.

If there is an intention to continue this mini-workshop series, I request rotating future event instances across times that are more friendly and accommodating across timezones in order to be more inclusive of global participants.

Lastly, here is another suggested pre-read on a fallacy I noted in the prior mini workshop^1:
* "Politician’s Syllogism" (https://en.wikipedia.org/wiki/Politician%27s_syllogism)

Thank you for your attention to both of these suggested pre-reads.

Stay skeptical, my friends.

Tantek Çelik, Mozilla Advisory Committee Representative, Member of W3C Credible Web Community Group (https://credweb.org/)

^1 https://github.com/w3c/authentic-web-workshop/blob/main/minutes/2025-03-12AuthWeb.md

May the Fourth be with you!

There’s a movie discussion podcast that I discovered via my pal Tom Coates (@plasticbag.org @tomcoates@me.dm @tomcoates) when he posted their episode on the movie Gattaca^1 where they had him on as a special guest.

Originally started in 2020 as “Dune Pod” about all things related to the then upcoming Dune movie, as they covered more and more movies of a certain kind from mostly the 1980s and 1990s, they renamed themselves “Escape Hatch”.

For their 250th episode which they coincidentally released yesterday or today depending on your timezone, they decided to cover the classic 1980 Star Wars sequel Empire Strikes Back.

An intelligent, nerdy, well researched, and overall entertaining discussion of what may be one of the greatest movies of all time — certainly the best Star Wars film.

Check it out: https://www.patreon.com/posts/episode-250-back-128092542

#DunePod #EscapeHatch #StarWars #EmpireStrikesBack #TheEmpireStrikesBack
#MayTheFourthBeWithYou #MayTheFourth #MayThe4thBeWithYou #MayThe4th

^1 https://open.spotify.com/episode/6BUuNvkhqwdrZGIkKAYBya

CSF_02: Entropy Is Your Friend In Security

Deliberate use of entropy, randomness, even changing routines can provide a layer of defense for cybersecurity.

More Steps for Cybersecurity

Here are three more steps (in addition to Three Steps for IndieWeb Cybersecurity) that you can take to add obstacles to any would be attackers, and further secure your online presence.

Different email address for each account, AKA email masking. Use or create a different email alias for each service you sign-up for. With a single email inbox, like any username at Gmail, you can often append a plus sign (+) and a brief random string. If you use your own #indieweb domain for email addresses, pick a different name at that domain for each service, with a bit of entropy like a short number. Lastly, another option is to use an email masking service — try a web search for that phrase for options to check out. Each of these works to limit or at least slow down an attacker, because even if they gain control of one email alias or account, any “forgot password” (AKA password reset or account reset, or sometimes called recovery) attempts with that same email on other services won’t work, since each service only knows about an email address unique to it.
Different password for each account. This is a well known security technique against credential stuffing attacks. I.e. if someone retrieves your username and password from a data breach, or guesses them, or tricks (phishes) you into entering them for one service, they may try to “stuff” those “credentials” into other services. Using different passwords for all online services you use can thwart that attack. Note however that different passwords with the same email address will not stop an account reset attack, which is why this tip is second to email masking.
Use a password manager to autofill. All modern browsers and many operating systems have built-in password managers, most of which also offer free sync services across devices. There is also third party password manager software and third party password manager services which are designed to work across devices, browsers, and operating systems. Regardless of which option you choose, always using a password manager to autofill your login username (or email) and password can be a very effective method of reducing the chances of being phished. Password managers will not autofill forms on fake phishing domains that are pretending to be a legitimate service. Password managers can also help with keeping track of unique email addresses and passwords for each service. Most will also auto-generate long and random (high entropy) passwords for you.

I’ll close with a reminder that Perfect is the enemy of good. This post has been a draft for a while so I decided to publish it as a summary, rather than continuing to iterate on it. I’m sure others have written much longer posts. Similarly, even if you cannot take all these actions immediately everywhere, you can benefit by incrementally taking some of these steps on some accounts. Prioritize important accounts and take steps to increase their security.

Previous post in this series: CSF_01: Three Steps for IndieWeb Cybersecurity

Glossary

Glossary for some terms, phrases, and further reading on each.

credential stuffing: https://en.wikipedia.org/wiki/Credential_stuffing
data breach: https://en.wikipedia.org/wiki/Data_breach
entropy: https://en.wikipedia.org/wiki/Entropy_(information_theory)
password manager: https://en.wikipedia.org/wiki/Password_manager
phish, phished, phishes, phishing: https://en.wikipedia.org/wiki/Phishing

Syndicated to: IndieNews

Welcome to the May 2025 edition of IndieWeb Movie Club!

As your host for this month^1, I invite you to (re)watch the film “Tomorrowland” (https://movies.disney.com/tomorrowland), with an optional prequel book reading assignment!

“Before Tomorrowland” (https://books.disney.com/book/before-tomorrowland/) was released about a month before the film, so it’s fine to read before watching.

#Tomorrowland is available in various physical media formats, and via streaming on DisneyPlus^2. 130 minutes, rated PG.

This month is the 10th anniversary of Tomorrowland’s release.

The world was quite different in 2015.

I had my own impressions of Tomorrowland when I first heard about it and then watched it much later (which I won’t link to yet to avoid spoilers or biasing your opinions). The film made such a strong impression on me that I held a group film viewing and discussion party in 2015!

I’m curious how both first time viewers in 2025 and folks watching a second (or more) time think of Tomorrowland.

If you would like to participate in this month’s IndieWeb Movie Club:
* optional: read the prequel book
* watch the film
* blog a read^3 (for the book), watch^4, review^5, or even a simple note^6 post of your impressions, or some or all the above and link to this post

If you want your post(s) to be included in the May 2025 IndieWeb Movie Club roundup, notify me with a Webmention^7 from your post, or drop a link in the IndieWeb chat discussion channel^8 and @-mention me.

Since this is an IndieWeb community activity, please both follow the Code of Conduct^9, and also keep your post within the same rating (PG) as the movie. I may curate the roundup accordingly.

Happy reading, watching, and dreaming!

#TomorrowlandFilm #BeforeTomorrowland #IndieWeb #IndieWebMovieClub

This is post 11 of #100PostsOfIndieWeb. #100Posts

← https://tantek.com/2025/077/t1/what-are-words-for-blogging
→ 🔮

Submissions:
* Paolo Feadin: https://www.feadin.eu/en/posts/tomorrowland
* Thomas Vander Wal: https://vanderwal.net/random/entrysel.php?blog=2119
* gRegor Morrill: https://gregorlove.com/2025/05/tomorrowland/

References:

^1 https://indieweb.org/IndieWeb_Movie_Club#2025
^2 https://www.disneyplus.com/en-gb/browse/entity-3355a91d-addb-4c66-91a6-136325e6ecf7
^3 https://indieweb.org/read
^4 https://indieweb.org/watch
^5 https://indieweb.org/review
^6 https://indieweb.org/note
^7 https://indieweb.org/Webmention
^8 https://indieweb.org/discuss#indieweb
^9 https://indieweb.org/code-of-conduct

👍 to a comment on issue 269 of GitHub project “AB-public”

↳ In reply to a comment on issue 77 of GitHub project “security-request” @github.com/simoneonofri wrote:

> is there a specific reason why “safe” was used in this context and "security" in the ethical principles?

I believe we used the term “safe” as in safety as inclusive of both privacy and security in the linked principle as you noted. Both of those (and potentially more) are aspects of user safety, which is the perspective we wanted to capture and express, the human’s perspective.

From a copywriting and readability perspective, we tried very hard to keep those specific points as short and broadly understandable (without any jargon implications) as possible.

Simone, if you find that answer satisfactory, please feel free to close this issue as completed. Thanks again for your diligent review and follow-up, appreciated.

👍 to a comment on issue 269 of GitHub project “AB-public”

👍 to issue 269 of GitHub project “AB-public”

❤️ to issue 269 of GitHub project “AB-public”

My Garmin watch did not sync activities with the Garmin Connect iOS app upon returning home from a week of travels. It did sync my steps from the day I landed, my sleep that night, and steps the following day. It just failed to pick up my running, hiking, and other activities logged when I was abroad.

After a little searching and filtering out obvious tips (make sure Bluetooth is on and paired), I found the key steps and fixed it.

How to get the Garmin Connect iOS app to sync Garmin watch activities that are seemingly being ignored:

1. unpair watch from phone (iOS Settings > Bluetooth > (i) next to watchname > "Forget This Device")
2. hard restart watch (e.g. hold down backlight button on a fenix 7S Pro to turn it off)
3. restart Garmin Connect app (force quit and re-open)
4. re-pair watch to phone
5. wait a while for all the activities to sync

It seemed to sync hikes and walks first, then runs, roughly in reverse chronological order.

The syncing spinner indicator in Garmin Connect took a while and prematurely completed the progress circle ○, and kept “spinning” the arrows 🔁 inside the circle for many minutes.

Note: having some idea how software is written and handles queues etc., I highly recommend fixing any syncing problems like this before recording another activity in your watch. There is a chance that the software bug(s) that caused the syncing problem in the first place may inadvertently only pick up the latest activity and make it even harder to recover or sync the previously unsynced activities.

I had no luck with web searching, e.g. for
* why is Garmin ios app not syncing recent activities from my Garmin watch
and similar queries.

All “AI Overview” results were useless.

Only after going to https://support.garmin.com/ and entering my watch model name and number did I somehow find this article:
* Garmin Connect App: Device Is Paired but Not Connecting to App: https://support.garmin.com/en-US/?faq=9BcXLSQ4A22gasLarkUvH6

Which while not the exact problem I was having (my watch did connect, and sync two days of steps and one night of sleep), it felt close enough to be worth reading.

Steps 3 and 4 in the article gave the key steps to try (though I split step 4 into two parts, and in the middle only restarted my watch, there was no reason to restart my phone)

That article linked to another article on "How Do I Restart My Garmin Device?" which I also found useful: https://support.garmin.com/en-US/?faq=A6gOR1U2zDAFqmJVdap6k6

Hopefully by blogging this, the next person that has a similar problem (my guess is the Garmin Connect Android app works similarly) can more quickly find this solution and key steps by searching the open web.

#Garmin #watch #GarminWatch #sportsWatch #GarminConnect #troubleShooting #GarminTroubleShooting

I’m happy to announce that something I and others have worked on very hard for the past few years has been published by the W3C Advisory Board (AB) and sent to the W3C Advisory Committee (AC) for a vote to make it official:

Vision for W3C: https://www.w3.org/TR/2025/NOTE-w3c-vision-20250402/

Official announcement: https://www.w3.org/news/2025/proposal-to-endorse-vision-for-w3c-as-a-w3c-statement/

If your company is a W3C Member^1, please ask your Advisory Committee Representative^2 to vote to support publication of the Vision for W3C as an official W3C Statement:

https://www.w3.org/wbs/33280/Vision2025/ (W3C Member-only link)

Thank you for your support.

#W3CVision #Vision #VisionForW3C #W3C (@w3c@w3c.social) #W3CAB (@ab@w3c.social)

^1 https://www.w3.org/membership/list/
^2 https://www.w3.org/Member/ACList (W3C Member-only link)

“Tell me, what are words for?” They are for blogging!

Earlier today during an informal espresso live stream in the #indieweb cafe, Spotify was playing an auto-generated daylist, something like “romantic 80s tuesday morning”, and the 1982 song “Words”^1 by the band Missing Persons came on.

When we heard this lyric:

🎶 What are words for when no one listens? 🎶

I remarked half-jokingly in response:

Words are for blogging, whether anyone is listening, reading, or not.

Another participant noted that blogging sometimes feels like screaming into the void.

I noted it doesn’t matter if anyone is reading (or listening), it’s fine to blog for an audience of one, yourself, even just to have something to refer to or reference in the future.

When I write a post it’s often directed at only a small number of people, who may be part of a larger conversation. The point of publishing it publicly is to assert a level of confidence and credibility by the act of “putting it on the permanent record” (since nearly everything blogged is promptly indexed and archived.) with a permalink.

The lyrics have some quite prescient bits, like this:

“No one notices, I think I'll dye my hair blue
Media overload bombarding you with action
It’s getting near impossible to cause distraction”

Written and sung more than forty years ago. Long before the web (or #socialWeb) was a thing.

Rewriting the lyrics as a parody could be a fun project, e.g.:

🎶 What are blogs for when no one reads them? 🎶

some existing lyrics barely need any edits, like:

“It’s like the feeling at the end of the page
When you realize you don't know what you just read”

perhaps an exercise for the reader for now.

Previously: “Inbox Zero” (parody of The Fixx “Saved by Zero”^2)
* https://tantek.com/w/InboxZero (2009-01-29 https://tantek.com/twttr/status/1160324190)

This is post 10 of #100PostsOfIndieWeb. #100Posts

← https://tantek.com/2025/055/t1/three-steps-indieweb-cybersecurity
→ https://tantek.com/2025/120/t1/indieweb-movie-club-tomorrowland

Glossary

blog
https://indieweb.org/blog
blogging
https://indieweb.org/blogging
permalink
https://indieweb.org/permalink
why blog
https://indieweb.org/why_post

References

^1 https://libre.fm/artist/Missing+Persons/track/Words (YouTube link inside)
^2 https://libre.fm/artist/The+Fixx/track/Saved+by+Zero (YouTube link inside)

❤️ to a comment on issue 211 of GitHub project “AB-public”

↳ In reply to bsky.app’s post Thanks @zeldman.com (@zeldman.bsky.social @zeldman@front-end.social @zeldman) 🙏🏻

Appreciate your kind words, and same appreciation of your decades of dedicated work & words right back at you.

I feel we’re all doing what we can to keep at least parts of the web a positive place to connect and collaborate. #indieweb

These recent words of yours (tweeted 2024-11-26) struck a chord that resonated:

“Our euphoria during the first 25 years of web design turns out to have significantly overestimated human intelligence, compassion, and decency.”

Here’s to decades more work & words, perhaps with some acceptance of your observation, and shifting our designs to meet people where they are, enabling and encouraging them to be and do better.

Something I wrote in the W3C Authentic Web Mini Workshop’s Zoom chat:

Another implicit assumption (flaw) that is often a part of "purely technical solutions" is the neglect or ignorance (innocent naïveté) of existing technical solutions.

A technical proposal should not be praised for what it claims to solve.

A technical proposal must be evaluated by what marginal difference or advantage does it provide over existing technologies.

Any technical proposal that ignores prior technologies is itself doomed to be ignored by the next technical proposal.

In addition to the slide presentations (links to come) in the mini workshop and Zoom verbal discussion which was minuted (link to come), there was a lot of very interesting discussion in the Zoom chat, which was not minuted. Sometimes such quick back & forth can help inspire summarizing of points which one had not previously written down.

I was encouraged by a fellow workshop participant to blog this one so here it is!

#W3C #credweb #credibleWeb #authenticWeb #technology #technical #proposal #technicalProposal #history

I just participated in the first W3C Authentic Web Mini Workshop^1 hosted by the Credible Web Community Group^2 (of which I’m a longtime member) and up front I noted that our very discussion itself needed to be careful about its own credibility, extra critical of any technologies discussed or assertions made, and initially identified two flaws to avoid on a meta level, having seen them occur many times in technical or standards discussions:

1. Politician’s Syllogism — "Something must be done about this problem. Here is something, let's do it!"

2. Solutions Looking For Problems — "I am interested in how tech X can solve problem Y"

After some back and forth and arguments in the Zoom chat, I observed participants questioning speakers of arguments rather than the arguments themselves, so I had to identify a third fallacy to avoid:

3. Ad Hominem — while obvious examples are name-calling (which is usually against codes of conduct), less obvious examples (witnessed in the meeting) include questioning a speaker’s education (or lack thereof) like what they have or have not read, or would benefit from reading.

I am blogging these here both as a reminder (should you choose to participate in such discussions), and as a resource to cite in future discussions.

We need to all develop expertise in recognizing these logical and methodological flaws & fallacies, and call them out when we see them, especially when used against others.

We need to promptly prune these flawed methods of discussion, so we can focus on actual productive, relevant, and yes, credible discussions.

#W3C #credweb #credibleWeb #authenticWeb #flaw #fallacy #fallacies #logicalFallacy #logicalFallacies

Glossary

Ad Hominem
attacking an attribute of the person making an argument rather than the argument itself
https://en.wikipedia.org/wiki/Ad_hominem

Politician's syllogism
https://en.wikipedia.org/wiki/Politician%27s_syllogism

Solutions Looking For Problems (related: #solutionism, #solutioneering)
Promoting a technology that either has not identified a real problem for it to solve, or actively pitching a specific technology to any problem that seems related. Wikipedia has no page on this but has two related pages:
* https://en.wikipedia.org/wiki/Law_of_the_instrument
* https://en.wikipedia.org/wiki/Technological_fix
Wikipedia does have an essay on this specific to Wikipedia:
* https://en.wikipedia.org/wiki/Wikipedia:Solutions_looking_for_a_problem
Stack Exchange has a thread on "solution in search of a problem":
* https://english.stackexchange.com/questions/250320/a-word-that-means-a-solution-in-search-of-a-problem
Forbes has an illustrative anecdote:
* https://www.forbes.com/sites/stephanieburns/2019/05/28/solution-looking-for-a-problem/

References

^1 https://www.w3.org/events/workshops/2025/authentic-web-workshop/
^2 https://credweb.org/ and https://www.w3.org/community/credibility/

Previously in 2019 I participated @misinfocon.com #MisinfoCon:
* https://tantek.com/2019/296/t1/london-misinfocon-discuss-spectrum-recency
* https://tantek.com/2019/296/t2/misinfocon-roundtable-spectrums-misinformation

Ten years ago today I coined the shorthand “js;dr” for “JavaScript required; Didn’t Read”

* https://tantek.com/2015/069/t1/js-dr-javascript-required-dead

in reference to (primarily content) pages that were empty (or nearly so) without scripts.

Since then js;dr found its way into a book:

Page 88 of “Inclusive Design Patterns” by @heydonworks.com (@heydon@front-end.social)

and stickers!

At the time I made the claim that:

“in 10 years nothing you built today that depends on JS for the content will be available, visible, or archived anywhere on the web.”

I’ve seen and documented many such sites, built with a hard dependency on scripting, that end up dead and unarchived. Many of these have been documented on the IndieWeb’s js;dr page:

* https://indieweb.org/js;dr

I have to ask though: does anyone remember building a site 10 years ago (Internet Archive citation) with a Javascript library/framework dependency to display content, that still works today?

E.g. using one of the popular libraries/frameworks used to build such sites back then like AngularJS (discontinued 2022), Backbone.js, Ember.js, or even React which was still quite new at the time.

The one almost exception I found was Facebook, e.g. this Smashing Magazine post on Facebook barely renders some content and all commentary is missing, in the earliest (2019) version saved on the Internet Archive:
* https://web.archive.org/web/20191123225253/https://www.facebook.com/smashmag/posts/10153198367332490

You can extract the direct Facebook link if you want to try viewing it in the present.

Regarding those libraries/frameworks themselves, I wrote:

“All your fancy front-end-JS-required frameworks are dead to history, a mere evolutionary blip in web app development practices. Perhaps they provided interesting ephemeral prototypes, nothing more.”

Of all those listed above, only React has grown since, likely at the expense of the others.

However instead of fewer such libraries and frameworks today, it seems we have many more (though it feels like their average hypespan is getting shorter with each iteration).

Since I wrote “js;dr”, the web has only become more fragile, with ever more dependencies on scripting just to display text content. The irony here is that Javascript, like XML, has draconian parsing rules. One syntax error and the whole script is thrown out.

This means it’s far too easy for any such JS-dependent site to break, in one or more browsers, whenever browsers change, or Javascript changes, or both.

You wouldn’t build a site today (or 20 years ago) that depends on fragile draconian XML parsing, so why build a site that depends on fragile draconian Javascript parsing?

I’ll repeat my claim from ten years ago, slightly amended, and shortened:

In 5 years nothing you (personally, not a publicly traded company) build today that depends on Javascript in the browser to display content will be available, visible, or archived anywhere on the web.

There’s a lot more to unpack about what we’ve collectively lost in the past ten years of fragile scripting-dependent site-deaths, and why web developers are choosing to build more fragile websites than they did 10 or certainly 20 years ago.

For now I’ll leave you with a few positive encouragements:

Practice Progressive Enhancement.

Build first and foremost with forgiving technologies, declarative technologies, and forward and backward compatible coding techniques.

All content should be readable without scripting.

Links, buttons, text fields, and any other interactive HTML elements should all work without scripting.

Scripts are great for providing an enhanced user experience, or additional functionality such as offline support.

Then make sure to test your pages and sites without scripts, to make sure they still work.

If it's worth building on the web, it's worth building it robustly, and building it to last.

Last week I published my first Cybersecurity Friday post with three key steps for indieweb cybersecurity. In summary:

1. Email MFA/2FA. Add multi-factor authentication (sometimes called two-factor authentication) to everywhere you store or check email. Do not use phone/cell numbers.
2. Domain Registrar MFA. Add multi-factor authentication to your domain registrar account.
3. Web Host MFA. Same for your web host and any intermediate name servers (DNS) or content delivery network (CDN) service accounts.

Full post: https://tantek.com/2025/052/b1/steps-indieweb-cybersecurity

Next time: entropy is your friend in security.

If you want my #Cybersecurity Friday posts as soon as I publish them, follow my site https://tantek.com/ directly in your reader rather than using #socialMedia or #Mastodon or some other notes-centric #fediverse client.

You can subscribe to my site directly with an h-feed supporting #indieweb Social Reader, or if you use a classic feed reader, it can auto-discover my Atom feed from my home page.

You can also read my article blog posts and those from other Mozillians on the Mozilla Planet:
* https://planet.mozilla.org/
If you look closely you might even find my not-so-secret articles-only Atom feed linked there if you prefer.

This is post 9 of #100PostsOfIndieWeb. #100Posts #cyber #security

← https://tantek.com/2025/020/t1/seek-2024-year-in-review
→ 🔮

Glossary

article post
https://indieweb.org/article
Atom
https://indieweb.org/Atom
content delivery network
https://indieweb.org/content_delivery_network
cybersecurity
https://en.wikipedia.org/wiki/cybersecurity
DNS
https://indieweb.org/DNS
domain registrar
https://indieweb.org/domain_registrar
entropy
https://en.wikipedia.org/wiki/Entropy_(information_theory)
feed reader
https://indieweb.org/feed_reader
h-feed
https://indieweb.org/h-feed
MFA / 2FA
https://indieweb.org/multi-factor_authentication sometimes called Two Factor Authentication or Second Factor Authentication
mobile number for MFA
https://indieweb.org/SMS#Criticism
note post
https://indieweb.org/note
social reader
https://indieweb.org/social_reader
web host
https://indieweb.org/web_hosting

CSF_01: Three Steps for IndieWeb Cybersecurity

Welcome to my first Cybersecurity Friday (CSF) post. Almost exactly one week ago I experienced (and had to fight & recover from) a cybersecurity incident. While that’s a much longer story, this post series is focused on sharing tips and incident learnings from an #indieweb-centric perspective.

Steps for Cybersecurity

Here are the top three steps in order of importance, that you should take ASAP to secure your online presence.

Email MFA/2FA. Add multi-factor authentication (MFA) using an actual Authenticator application to all places where you store or check email. Some services call this second factor or two factor authentication (2FA). While checking your email security settings, verify recovery settings: Do not cross-link your emails as recovery methods for each other, and do not use a mobile/cell number for recovery at all.
Domain Registrar MFA. Add MFA to your Domain Registrar(s) if you have any. Optionally disable password reset emails if possible (some registrars may allow this).
Web Host MFA. Add MFA to your web hosting service(s) if you have any. This includes both website hosting and any content delivery network (CDN) services you are using for your domains.

Do not use a mobile number for MFA, nor a physical/hardware key if you travel internationally. There are very good reasons to avoid doing so. I’ll blog the reasons in another post.

Those are my top three recommended cybersecurity steps for protecting your internet presence. That’s it for this week. These are the bare minimum steps to take. There are many more steps you can take to strengthen your personal cybersecurity. I will leave you with this for now:

Entropy is your friend in security.

Glossary

Glossary for various terms, phrases, and further reading on each.

content delivery network: https://indieweb.org/content_delivery_network
cybersecurity: https://en.wikipedia.org/wiki/cybersecurity
domain registrar: https://indieweb.org/domain_registrar
email recovery: A method for recovering a service account password via the email account associated with that account. See also: https://en.wikipedia.org/wiki/Password_notification_email
entropy: https://en.wikipedia.org/wiki/Entropy_(information_theory)
MFA / 2FA: https://indieweb.org/multi-factor_authentication sometimes called Two Factor Authentication or Second Factor Authentication
mobile number for MFA: https://indieweb.org/SMS#Criticism
web host: https://indieweb.org/web_hosting

Syndicated to: IndieNews

Some solid #ResilienceStrategy advice in here:

https://bidenwhitehouse.archives.gov/wp-content/uploads/2025/01/National-Resilience-Strategy.pdf (20 page PDF, a well-written quick read or skim)

January 2025

"National Resilience Strategy:
A Vision for a More Resilient Nation"

While explicitly a #NationalResilienceStrategy, it has a lot of sound guidance for understanding, analyzing, and developing a resilience strategy at all levels, for yourself and your home, with your neighbors and relationships, to civic resilience, and beyond.

Here is an overview of the sections, to get an idea (if you avoid PDFs), and to help with discovery across various services:

* The Need for Collective Action toward National Resilience
* Defining Resilience
* Adaptive
* Protective
* Collaborative
* Fair and Just
* Human-Centered
* Interdependent
* Sustainable and Durable
* Understanding the Resilience Landscape
* Strategic Approach to Build Attributes of a Resilient Nation
* Throughlines of a Resilient Nation
* Cross-system and cross-sector use of resources
* Resilience manifests in adaptive capacity and communities
* Layered resilience
* Cascading reliance
* Environmental hazards, including climate change
* Technology innovation and digital transformation
* Cyber infrastructure
* Iterative continuous feedback loops
* Supply chains
* Robust safety nets
* Resilience Pillars
* Pillar I: Governance Systems
* Pillar II: Social and Community Systems
* Pillar III: Economic Systems
* Pillar IV: Infrastructure Systems
* Conclusion

And yes the text contents of the PDF include the terms #diversity #diverse #equity #equitable #inclusivity #inclusive, in many contexts (including and beyond the ones that may come to mind).

Related: https://tantek.com/2025/011/t1/remembering-aaronsw-twelve-years

Previously, previously:
* https://tantek.com/2024/336/t1/disruptions-how-to-prepare
* https://tantek.com/2024/313/t1/reflecting-listening-thoughts

#NationalResilience #Resilience #Strategy #Biden #BidenWhitehouse

Running For Re-election in the 2025 W3C Advisory Board (AB) Election

Tantek Çelik is nominated by Mozilla Foundation. Nomination statement from Tantek Çelik:

Addendum: More Candidates Blogged Nomination Statements

CSF_02: Entropy Is Your Friend In Security

More Steps for Cybersecurity

Glossary

CSF_01: Three Steps for IndieWeb Cybersecurity

Steps for Cybersecurity

Glossary

Tantek Çelik is nominated by Mozilla Foundation.
Nomination statement from Tantek Çelik: