Canarytokens is a very cool looking tool built by Thinkist that allows you to easily — and freely — generate and monitor honeytokens.

These tripwires can be set off in a number of ways of your choosing, from a simple GET request all the way to triggering when a specific query is run on your MySQL database. SELECT * FROM user_passwords for example.

A number of helper tools are provided for use with Canarytokens, all of which are described in the linked blog post. The two that seem most interesting to me are the aforementioned MySQL trigger and the FileWatcher trigger which notifies you when a specific file is read.

Canarytokens is open source and self-hosting is made easy thanks to an official Docker image.

11 December 2017

Worry Fatigue

A few years ago, many a tech executive was known to wear the same outfit day in, day out. Perhaps it’s still a thing, I don’t know. Either way, this behaviour was justified as an effort to reduce decision fatigue, a term that denotes the deterioration of ones decision making as more and more decisions are made throughout the day.

I’ve had something that I’m dubbing “worry fatigue”1 on my mind for the past few days. This post is an attempt to clarify some of my thoughts on the matter.

For you to get a perspective on where I’m coming from, it’s worth noting that I’m a country boy through and through. At the ripe old age of 23 I’ve lived a total of about 3½ years in a city — a fairly small one at that.

Looking back on those 3 and a bit years, I now recognise a number of worries that were facts of my day to day city life and the accumulated effect they had on me. (Perhaps “worries” is too strong? “Concerns” maybe. I’ve yet to find the right word.)

These ranged from “did I bolt the door?” being the first question that popped into my head as soon as I started to relax and drift off to sleep, all the way to keeping an eye on the drunk walking towards me as I head home at night. From “I wonder how much the (already ludicrous) rent is going to go up by this time?” to feeling greasy by the time I got to work because the city was so polluted and dirty. The list goes on.

As with the decision making, it isn’t any single one of these small worries that has some great affect on you. Rather, it’s the accumulation of them over time. While decision fatigue is generally talked about in terms of days, I think these worries take a longer time to build up into something psyche-affecting.

For me that time period was about 2½ years. 2½ years of city life saw me ready to get on a plane, train, or automobile. Anything that’d get me out.

It took another year for me to finally put my foot down and say enough’s enough, but I did indeed get out. I went back to the country.

I’ve been home less than a year and a half and I am, not to be too melodramatic, a completely different person (physically, yes, but more to the point of this post) mentally.

Outside of work, my daily worries now more or less amount to “have the animals been fed?” and “what fencing did they manage to break last night?”. I can’t remember the last time I locked the front door at night. I’ve left the keys in the car ignition, the car door, and the house door overnight more times than I’d care to admit. It’s not even on my mind it matters so little. I can actually look up and see the stars at night.

The claustrophobia of the city and the draining “background concerns” it brings have been lifted. I’m as happy as I’ve ever been.

I’ve written on here before about big city tech life not being for everyone. This doesn’t just affect people who work in technology though. Whoever you are and whatever you do, sometimes it’s good to be reminded that there are other options available2. Step 1 is to put your foot down.

  1. I’m sure there’s already a proper name for what I’m about to talk about, but where’s the fun in that. [return]
  2. Though admittedly those of us who work in tech are at an advantage thanks to the embracement of allowing employees to work remotely. [return]
10 December 2017

Redesign preview

Knackered my foot at practice on Friday so I’ve spent the weekend tinkering with various projects including a potential update for my site. Nowhere near done but I’m pleased with how the header came out.

9 December 2017

This post was written in MarsEdit and is destined for a static blog that’s generated by Hugo. Once I click “Send to Blog” the rest should be handled by the server, which’ll create the markdown file, regenerate the site, sync the new markdown file to Google Drive and finish up by pinging so that the post shows up in a timely manner. Let’s see if this works…

8 December 2017

Progress report on Hugo + MarsEdit: all post frontmatter is being parsed, loaded and saved correctly, posts are displayed in the correct order & post editing works.

6 December 2017

My imagination or do blogrolls seem to be slowly creeping their way back onto people’s sites? I’ve seen quite a few recently, but that may just be down to the fact that I’ve been visiting more blogs written by IndieWeb folk.

5 December 2017

Heard about miniflux on a couple of day ago and spent some time installing it on my own server this evening. Impressed so far. It’s not pretty but it’s very fast, and its compatibility with the old Fever API means that it can be used in the likes of Reeder and I never have to see the web UI.

4 December 2017

I set Firefox 57 — the new version with the overhauled browsing engine — as my default browser this morning, replacing Chrome.

The same 4 extensions are installed on every browser I use: Ghostery, uBlock Origin, HTTPS Everywhere and a fourth that provides Vim keybindings. In Chrome, that plugin has always been Vimium.

Vimium is available for Firefox, but it isn’t yet compatible with version 57. In fact, after looking around a little, most Vim keybinding plugins seem to be incompatible with version 57.

My search eventually led me to Saka Key, the pot of gold at the end of the rainbow. It’s fast (not that that was ever a problem with Vimium), open source, configurable, well designed (that was a problem with Vimium), and supports the same bindings as Vimium1. It even has a Chrome version.

  1. Vimium’s bindings aren’t the default ones. To use them, go to “Add Ons” → “Saka Key” → “Preferences” and choose “vimium” from the dropdown next to the “Keybindings” heading. [return]

The scripts I use for blogging with Vim and Hugo

Nearly 4 months ago to the day I setup a publishing workflow for this site that allows me to create, update, and delete content via Google Drive. It’s a setup that has worked flawlessly for me.

In my quest to streamline the blogging process as much as possible, I also wrote a couple of scripts around the same time. The first to create a new post, the second to publish the post currently open in Vim. These too have worked very well, so let’s take a look at them.

Continue Reading →

2 December 2017

Can’t remember the last time winter started so harshly here. Dropped to -9°C last night. Currently -8°C and falling with high winds to boot.


23 November 2017
18 November 2017

Snyk has been around for a while but this fantastic new addition to GitHub brings dependency vulnerability monitoring to the masses.

Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don’t have them. We’ll continue to get better at identifying vulnerabilities as our security data grows.

They “only” support JavaScript and Ruby at the moment — in addition to those two, Snyk also supports Java, Scala, Python, Go and Gradle — but Python support is said to be coming in 2018 and I’m sure they won’t stop there.

In which Dave DeLong addresses a whole host of misconceptions held about dates and time.

The TL;DR for programmers is:

You should always use the Date and Time Services provided by the ICU Project. If you’re an iOS/macOS developer, then you should always stick to NSCalendar and its cohorts, which are all built on top of the ICU libraries.

16 November 2017

Today’s recommendation is a fantastic little Sketch plugin by Andrew Fiorillo that’ll export your selected artboards and bundle them up in a PDF. It does it perfectly and, somewhat impressively, it does it in 116 LOCs including comments and whitespace thanks to Sketch’s undocumented MSPDFBookExporter class.

If you’ve ever tried doing this manually you’ll know just how much time a plugin like this can save.

15 November 2017
13 November 2017

In a blog post about new user protection features coming to Chrome in future versions, Ryan Schoen mentions this update scheduled for Chrome 65 which should prevent the target='_blank' vulnerability known as “tabnabbing”:

When the user interacts with content, things can also go wrong. One example that causes user frustration is when clicking a link opens the desired destination in a new tab, while the main window navigates to a different, unwanted page. Starting in Chrome 65 we’ll also detect this behavior, trigger an infobar, and prevent the main tab from being redirected. This allows the user to continue directly to their intended destination, while also preserving the context of the page they came from.

If you’re unfamiliar with tabnabbing, a non-malicious demo along with recommendations on how to prevent the attack can be found here; here’s a nice concise write up about the attack too.

10 November 2017

Terence Eden with a good rundown of the problems around standardising a country input type:

Let’s start with the big one. What is a country? This is about as contentious as it gets! It involves national identities, international politics, and hereditary relationships.


Some countries don’t recognise each other. Some believe that the other country is really part of their country. Some countries don’t exist.


Borders shift. Countries disappear, merge, split, change names, change flags, and do all manner of weird things which trip up your edge cases.

You can keep up to date with new posts by subscribing to the RSS Feed or by following me on