{ "version": "https:\/\/jsonfeed.org\/version\/1.1", "title": "Programming", "_rss_description": "Home page · Travel · На русском", "_rss_language": "en", "_itunes_email": "", "_itunes_categories_xml": "", "_itunes_image": "", "_itunes_explicit": "", "home_page_url": "https:\/\/robert.uber.space\/blog\/tags\/programming\/", "feed_url": "https:\/\/robert.uber.space\/blog\/tags\/programming\/json\/", "icon": "https:\/\/robert.uber.space\/blog\/pictures\/userpic\/userpic@2x.jpg?1739870896", "authors": [ { "name": "Robert", "url": "https:\/\/robert.uber.space\/blog\/", "avatar": "https:\/\/robert.uber.space\/blog\/pictures\/userpic\/userpic@2x.jpg?1739870896" } ], "items": [ { "id": "1419", "url": "https:\/\/robert.uber.space\/blog\/all\/cybersecurity\/", "title": "Technological measures for cybersecurity", "content_html": "

There are various kinds of cybersecurity measures: organisational, legal, technological, and physical. All of them are useful, but the technological ones are the most resilient.<\/p>\n

Policies and platforms are short-lived by nature<\/h2>\n

Legislation and policies are short-lived and unreliable, they are easy to bypass and modify. Just as platforms, they are created and maintained in a centralised manner by people who cannot be held to account. Protocols, on the other hand, are far more reliable, because they work in any jurisdiction and under any management. If a protocol’s creator dies or loses control, it keeps on working regardless. SimpleX, RSS, Monero, and the internet itself are all open protocols that do not belong to any company.<\/p>\n

There can be any formal rule, but only the technologically enforced one will be followed. To falsify a contract on a Proof-of-Work blockchain, one needs to take over 51% of the network, and not just a single notary office. Good cryptocurrencies have monetary policies that are deeply thought through, so people don’t have to worry about central banks making the “right choice”. Decentralised domain protocols allow for true domain ownership, so people don’t have to worry about the benevolence of the Internet Corporation for Assigned Names and Numbers (ICANN).<\/p>\n

As for data protection, it’s possible, of course, to open a company in one country and have it belong to two legal entities in two other countries, dividing data between different jurisdictions. Yet legislation can always change, while technologies will keep on working regardless. Such a legal move can only be an addition to technological measures, not their replacement.<\/p>\n

The European GDPR allows citizens to withdraw consent to their data being processed, as well as to exercise “the right to be forgotten” and thereby remove all data about themselves from the public eye. But as the Streisand effect proves, a person who states the desire to hide will thereafter only become more visible. Services that truly want to streamline data deletion allow it to be done with a simple click — no emails and phone calls required.<\/p>\n

“Security through obscurity” leads to lack of responsibility and accountability. Good defence works even if the enemy knows how it works.<\/p>\n

The zero-trust approach works best<\/h2>\n

When a system is transparent and comprehensible, there is no need to rely on others’ oaths: violations are seen, while vulnerabilities are easy to fix. Transparent and comprehensible software is open-source, its builds are reproducible. If it connects to the web, it has an Internet Access Policy<\/a>.<\/p>\n

Reliable devices have open schematics and, when possible, are physically transparent to make it easy to notice foreign components. The microphone and camera are turned off electrically, not via software.<\/p>\n

If some code isn’t being used, it needs to be removed. The simpler the software, the fewer the bugs & vulnerabilities, and the higher the likelihood of detailed external audits.<\/p>\n

Technologies should be built in ways that make surveillance impossible, with data being processed only after the user’s conscious consent. It’s preferable for all new technologies to be backwards-compatible: this makes their adoption easier. Optional privacy is no privacy at all, as it divides people into normies and “those with something to hide” — that’s why Monero rules and Zcash drools.<\/p>\n

The zero-trust model is a good way to enhance security. In an organisation, this means embedding multi-level access control: each person can only access the data needed for the time needed. Accepting that anything can leak leads to minimising data collection and storage; accounts are not created without good reason.<\/p>\n

Zero-trust can also be implemented on a local level via sandboxing. This means isolating browsers, ecosystems, and devices: using one for the personal, another for work, and a third for the alter ego. Access to one account or device will thus never be enough to paint a full picture of someone’s life.<\/p>\n

Tips to enhance privacy and security<\/h2>\n

As many interactions as possible should happen anonymously or at least pseudonymously. To make identification more difficult, one can reduce the amount of static data by constantly changing IP addresses with a VPN, randomising MAC addresses, preferring IPv4 to IPv6<\/a>, spreading disinformation about identity. It’s harder to identify a person whose name isn’t tied to a device.<\/p>\n

Browser-level protection is not enough: it’s not the only program communicating with the internet. Also, the more a browser is configured, such as with installed plugins, the easier it is to identify the person through metadata. Restrictions, such as those related to scripts, should be set on the system or router level.<\/p>\n

Authentication should consist of multiple factors: what a person knows and what a person has. Emails and SMS messages should not be obligatory factors because of their low privacy. There also should not be any shared secrets: many people are unable to follow instructions and keep passwords in a safe place.<\/p>\n

As much as possible should happen locally: the cloud is just someone else’s computer, while trusted third parties are security holes. However, if an interaction requires the internet, a web app is safer than a local app: a closed browser tab guarantees absence of background communications.<\/p>\n

Almost everything should be encrypted, but it’s important to remember that malware (and on-device AI) can gather data before encryption and after decryption.<\/p>\n

It’s best to avoid passing SSDs onto others: the only way to truly ensure the absence of previously “deleted” data is to smash the disk.<\/p>\n

To completely exclude remote attacks, a device should not have Wi-Fi, Bluetooth, microphones, and cameras; any connections should happen physically. Such devices are typically kept in hard-to-reach places. If such a device were to be accessed, it should notify about this, both on the software and hardware levels. The most advanced devices use deniable encryption, fooling potential extorters into believing that the little data they manage to retrieve is all there is.<\/p>\n

Final thoughts<\/h2>\n

Certain kinds of digital threats can be prevented only with transparent technological measures.<\/p>\n

However, a system can never be fully secure — this would make it inoperable. Tradeoffs are unavoidable; security measures should be chosen based on threat model, threat probability, objective limitations, long-term goals, and budget.<\/p>\n

As of today, network effects continue to sway people towards centralised messaging apps, many sites needlessly require registration, hardly any devices have open schematics, and decentralised domain protocols are still uncommon. There is great room for improvement — let’s get to it.<\/p>\n", "summary": "Technological cybersecurity measures are the most resilient", "date_published": "2024-07-29T10:11:19+02:00", "date_modified": "2025-08-27T14:20:53+02:00", "tags": [ "decentralisation", "Europe", "legislation", "privacy", "programming", "software", "solutions", "strategy", "tech", "websteads" ], "_date_published_rfc2822": "Mon, 29 Jul 2024 10:11:19 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "1419", "_e2_data": { "is_favourite": false, "links_required": [], "og_images": [] } }, { "id": "1167", "url": "https:\/\/robert.uber.space\/blog\/all\/nocss\/", "title": "No-CSS Club", "content_html": "

Structural simplicity is not necessarily visual simplicity. Modular devices are structurally simple, but often physically bulky. MacBook power bricks are visually simple, but structurally too complex to be repaired.<\/p>\n

Philosophically, structural simplicity is the one to prioritise. Form follows function.<\/p>\n

⁂<\/p>\n

Designing a webstead around the avoidance of CSS leads to a reduction in bloat and an improvement in structure.<\/p>\n

It also makes plain sense<\/i>. Visitors are already setting their preferences, whether font size, color theme, or window width. I’m just extending this way of thinking to style sheets, which can be customised thru browsers.<\/p>\n

I’m happy to have my webstead listed in the No-CSS Club<\/a>. Some day, this blog too will wave goodbye to cascades.<\/p>\n", "summary": "I’m happy to have my webstead listed in the No-CSS Club", "date_published": "2023-08-02T10:57:23+02:00", "date_modified": "2025-02-10T17:15:50+02:00", "tags": [ "design", "DOPE", "hues", "my webstead", "programming", "the web", "websteads" ], "_date_published_rfc2822": "Wed, 02 Aug 2023 10:57:23 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "1167", "_e2_data": { "is_favourite": false, "links_required": [], "og_images": [] } }, { "id": "1151", "url": "https:\/\/robert.uber.space\/blog\/all\/merceneros\/", "title": "Merceneros visual identity", "content_html": "

Merceneros is a coöperative offering technical services to the Monero economy.<\/p>\n

I designed its visual identity based on the trope of programming, having the colors allude to Monero:<\/p>\n

\n\"\"\n<\/div>\n

This design is super-universal — the list of values in brackets varies with context, and will expand with the group offering more services:<\/p>\n

\n\"\"\n<\/div>\n

Also, this visual identity needs no special graphics for implementation — only the JetBrains Mono typeface.<\/p>\n

There’s a compact version of the logo too:<\/p>\n

\n\"\"\n<\/div>\n

Here it is in the chats. The second logo is an internal one, with a caret instead of a bracket:<\/p>\n

\n\"\"\n<\/div>\n

I went from start to finish in less than a day.<\/p>\n", "summary": "Merceneros is a coöperative offering technical services to the Monero economy", "date_published": "2023-07-28T20:57:10+02:00", "date_modified": "2026-04-04T19:32:11+02:00", "tags": [ "design", "hues", "logos", "Monero", "my logos", "programming", "typography", "undertakings" ], "image": "https:\/\/robert.uber.space\/blog\/pictures\/merceneros-com.png", "_date_published_rfc2822": "Fri, 28 Jul 2023 20:57:10 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "1151", "_e2_data": { "is_favourite": true, "links_required": [], "og_images": [ "https:\/\/robert.uber.space\/blog\/pictures\/merceneros-com.png", "https:\/\/robert.uber.space\/blog\/pictures\/merceneros-brackets.png", "https:\/\/robert.uber.space\/blog\/pictures\/merceneros-logo.png", "https:\/\/robert.uber.space\/blog\/pictures\/merceneros-logos-chat.png" ] } }, { "id": "1142", "url": "https:\/\/robert.uber.space\/blog\/all\/no-js\/", "title": "No-JS Club", "content_html": "

My webstead has never had JS outside of some blog features.<\/p>\n

I’m happy that it has now been listed in the No-JS Club<\/a>!<\/p>\n", "summary": "My webstead has never had JS outside of some blog features", "date_published": "2023-07-25T18:41:47+02:00", "date_modified": "2025-02-10T17:15:43+02:00", "tags": [ "DOPE", "my webstead", "programming", "the web" ], "_date_published_rfc2822": "Tue, 25 Jul 2023 18:41:47 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "1142", "_e2_data": { "is_favourite": false, "links_required": [], "og_images": [] } }, { "id": "456", "url": "https:\/\/robert.uber.space\/blog\/all\/sunset-b1\/", "title": "Sunset theme for Nova", "content_html": "

To write CSS and JS code, I use the code editor Nova<\/a>. Its dark mode is acceptable but definitely not great:<\/p>\n

\n\"\"\n<\/div>\n

Therefore I made my own theme, Sunset:<\/p>\n

\n\"\"\n<\/div>\n

It is based on reddish hues, which are good at lowering eye-strain. Text is colored differently than in dark mode, comments are indicated with italics.<\/p>\n

↓ Download beta 1<\/a><\/p>\n", "summary": "To write CSS and JS code, I use the code editor Nova. Its dark mode is acceptable but definitely not great", "date_published": "2021-01-18T15:03:41+02:00", "date_modified": "2024-11-13T08:58:18+02:00", "tags": [ "design", "health", "hues", "programming", "software", "Sunset", "undertakings" ], "image": "https:\/\/robert.uber.space\/blog\/pictures\/Nova-dark.png", "_date_published_rfc2822": "Mon, 18 Jan 2021 15:03:41 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "456", "_e2_data": { "is_favourite": false, "links_required": [], "og_images": [ "https:\/\/robert.uber.space\/blog\/pictures\/Nova-dark.png", "https:\/\/robert.uber.space\/blog\/pictures\/Sunset.png" ] } }, { "id": "413", "url": "https:\/\/robert.uber.space\/blog\/all\/bugs\/", "title": "Bugs in own programs", "content_html": "

I feel great joy when finding and squashing bugs in my own programs.<\/p>\n", "summary": "I feel great joy when finding and squashing bugs in my own programs", "date_published": "2021-01-01T21:23:12+02:00", "date_modified": "2024-12-03T23:11:25+02:00", "tags": [ "feelings", "growth", "life", "me", "programming" ], "_date_published_rfc2822": "Fri, 01 Jan 2021 21:23:12 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "413", "_e2_data": { "is_favourite": true, "links_required": [], "og_images": [] } }, { "id": "206", "url": "https:\/\/robert.uber.space\/blog\/all\/tg-2020-w21\/", "title": "My Telegram posts on 2020’s week 21", "content_html": "

Weeks 16...20<\/a> ←→ Week 22<\/a><\/p>\n

Tuesday, May 19<\/h2>\n
\n\"\"\n<\/div>\n

Made myself a standing workplace outside:<\/p>\n

\n\"\"\n<\/div>\n

Wednesday, May 20<\/h2>\n

From President Zelensky’s NYT op-ed<\/a>: “Ukraine remains a good partner and friend of the United States. We received the military assistance we needed to continue to ensure our country’s independence.”<\/p>\n

Independence, you say? Needing<\/i> something = being dependent on that something’s provider.<\/p>\n

Thursday, May 21<\/h2>\n

I love drinking tea with ice cream.<\/p>\n

Friday, May 22<\/h2>\n

I always click Submit<\/i> instead of the arrows. Stupid design:<\/p>\n

\n\"\"\n<\/div>\n

I’m writing a program that will help me write another program.<\/p>\n

People should not be working towards 1TB\/s internet, but towards files that take up less space.<\/p>\n

Saturday, May 23<\/h2>\n

Evil doesn’t exist. Interests do.<\/p>\n

It’s a good thing that English got rid of the long s. If we ſtill had it today, reading would be much ſlower and ſlippier.<\/p>\n

\n\"\"\n<\/div>\n

Sunday, May 24<\/h2>\n

Government bureaucracy is not always bad: it’s a strong filter that stops all extreme initiatives.<\/p>\n", "summary": "Zoompocalypse, standing workplace, independence, tea with ice cream, bad Google Meet interface, debloating, the evolution of English, and government bureaucracy", "date_published": "2020-05-25T12:47:16+02:00", "date_modified": "2024-10-21T09:32:14+02:00", "tags": [ "drinks", "food", "life", "might", "my Telegram channel", "programming", "tongue", "Ukraine" ], "image": "https:\/\/robert.uber.space\/blog\/pictures\/Zoompocalypse.png", "_date_published_rfc2822": "Mon, 25 May 2020 12:47:16 +0200", "_rss_guid_is_permalink": "false", "_rss_guid": "206", "_e2_data": { "is_favourite": false, "links_required": [], "og_images": [ "https:\/\/robert.uber.space\/blog\/pictures\/Zoompocalypse.png", "https:\/\/robert.uber.space\/blog\/pictures\/Standing-workplace.jpg", "https:\/\/robert.uber.space\/blog\/pictures\/GoogleMeet.png", "https:\/\/robert.uber.space\/blog\/pictures\/LongS.png" ] } } ], "_e2_version": 4199, "_e2_ua_string": "Aegea 11.5 (v4199)" }