So we were all talking about Palm Pilots, and someone mentioned that they’re available dirt cheap off eBay.
Sigh. I didn’t need this, but it arrived today anyway.
Frankly, a lot of the IIIxe’s assets hold up well. One hardware button press and the relevant app is open and ready half a second later. My fingers remember how to write Graffiti. No notifications, except calendar event reminders I configured. I’ve used less productive devices all too recently.
BetterDisplay Pro fixed my multi-monitor pet peeve
I have a 32" monitor and a 27" monitor on my desk. Don’t ask. But although they’re different sizes, they both have the same native 3840x2160 resolutions. The 27" just has smaller pixels.
This is fine 99% of the time. When I’m working away with different windows open on each screen, all is peachy. It’s only slightly annoying that the menu bar on one screen is a tiny bit larger than on the other, but I’m tough. I can live with that.
What I can’t tolerate is that it’s impossible to exactly line up graphics across the 2 monitors. If I flick my mouse cursor from one to the other at the top of the screen – I have the physical screen tops aligned at the exact same height – it flies smoothly over the gap. If I try the experiment near the bottom, the cursor jumps in altitude as it crosses the border because “2000 pixels down from the top” is a farther distance in inches on a 32" monitor than on a 27" screen. And if I dare drag a window from one screen to the other, its position and size change as it crosses over. This will not do.
A friend recently nudged me to look at BetterDisplay Pro, and my life is better for it. It has exactly one feature I care about: the ability to enter a custom screen resolution, which I can then select from the normal Displays system setting. I did these things in order:
- Installed BetterDisplay Pro.
- Looked up my monitors’ specs. One has pixels .1554mm square. The other’s are .1810mm square.
- Computed a new resolution for the smaller monitor. I was running the larger monitor at a virtual resolution of 2560x1440 because at full res I’d need a telescope to read this text. I multiplied those numbers by .1554/.1810 to get a new resolution of 2196x1236.
- Added that to BetterDisplay Pro as a custom scaled resolution.
- Opened Displays and selected the new resolution.
- Dragged windows back and forth between the 2 in unadulterated joy as they’re now the same physical size on both monitors, and both the tops and bottoms of windows exactly line up as they cross over.
Wow, wow, wow. After many long months of mortal anguish, that annoyance is completely gone. My monitors play nicely together as I always wished they would.
Note: Yes, now there’s a slightly different nit, in that it slightly irks me that my resolution has a very strange non-integer scaling factor of 180:103. I don’t care. I can live with it. macOS still sends a 3840x2160 signal to the displays, and the pixels are so tiny that I can’t visibly tell it’s not running at native resolution. Of course, that non-integer scaling might slow the display down very slightly, but this is on an M1 Max system and why pay for the TFLOPS if you’re not going to use them? It’s totally worth the tradeoff.
When we got this kitty, she was darn near feral. Now she won’t leave me alone.
The coffee shop is fine
I hear too many acquaintances worry that employees might work from a coffee shop or other public network, putting their whole company at risk. So what if they do? The idea that a coffee shop’s Wi-Fi is insecure implies that there’s a mythical “secure” network that can be trusted with the company’s secrets. That’s almost never true.
Work-from-home employees are on a tame home Wi-Fi setup, right? Don’t count on it. Is their gear current? Are they sharing Wi-Fi with their neighbors? Are they using their apartment building’s network? Who’s their ISP? Although their home setup might – or might not – have fewer people on it than the local cafe’s, that doesn’t make it trustworthy.
What about the employees we coerced into returning to a legacy office and using its Wi-Fi? Oh. You mean that named network that sits around with a target on its back as belonging to important people? Unless you manage your own office, and it’s in a Faraday cage blocking all outbound or inbound radio signals, and you pretend that MAC filtering is a security feature, and all your equipment is patched with the latest security updates, and you have guards walking around with fox hunt antennas to spot rogue access points, it’s not substantially better in the ways that count. If you can read this at work, at least a few of those assumptions are likely wrong.
The idea of a “trusted network” is dead. It’s time we stop pretending. If an employee can be compromised at the coffee shop, they can be compromised at the office. We have to design our defenses as though our staff are working from the free network at DEF CON. That means making sure all employee devices and servers are patched. That all connections are encrypted, even those between internal systems. That authentication uses cryptography, not passwords. That we don’t pretend that “route all traffic” VPNs are a good idea. That we don’t rely on allowlisted IPs as a critical defense. That we don’t trust any network our employees might use, and that our systems are robust enough to endure hostile environments. Yes, even the ones we tell ourselves are safe.
And if we’re not comfortable with our coworkers typing away next to a fresh latte, it’s our responsibility to figure out what part of that bothers us and then fix it. The issues that would make that scenario dangerous affect the “secure” office, too.
It’s an Aperol spritz kind of afternoon.
I found an odd control in AWS Security Hub’s CIS Benchmark 3 findings. It reports “IAM Access Analyzer external access analyzer should be enabled”, even if it is enabled in another account with organization-wide scope. Support’s advice is to disable the control.
Fine. It seems like an edge case, although maybe a common one for orgs with multiple accounts. I’m OK with silencing the false positive since we monitor that other account with its own CIS Benchmark 3 report.
We went to the local swap meet across the channel from the Port of Oakland. Photos don’t do justice to the enormousness of the container ships moored here daily.
All household children deny knowledge of the situation, but I am skeptical.
Today I learned about Emacs’s table handling. Start with a mess:
| *Name* | *Type* | *Flavor* |
|--|--|--|
| Orange | Fruit | Orangeish |
| Water | Liquid | N/A |
| Pineapple | Armored fruit | Summer |
Run `M-x table-recognize` and press `TAB`. Now you have:
| *Name*    | *Type*        | *Flavor*  |
|-----------|---------------|-----------|
| Orange    | Fruit         | Orangeish |
| Water     | Liquid        | N/A       |
| Pineapple | Armored fruit | Summer    |
❤️
Literally every time I open the CA DMV digital driver’s license app:
- “You need to refresh your license!” Fine.
- “To do that, you need to log back into the DMV website!” Alright.
- “Your password is expired. You need to update it!” Ugh, really, whatever.
- “System Unavailable”. throws phone
Every. Time. If I ever try to use this to board a flight, I’m so sorry for the people behind me in line that day.
Gigi is a happy mess.
If I bought this, “everyday” would mean “…for the rest of my life, and you’ll have to bury me in it.”
Sometimes Rust makes me so happy. I wrote this over the weekend:
```rust
use std::collections::HashSet;
let embedded_data = include_bytes!("../static/data.bin");
let my_set: HashSet<&[u8]> = embedded_data[7..].chunks(10).collect();
```
It does this:
- Read a binary file and embed it in the final executable as an array of bytes.
- Create a `HashSet` (Python folks: a `set()` of items of a specific type) where each element is an array of bytes.
- Skip the first 7 bytes of the binary file using Python-like slice notation.
- Create an iterator that emits 10-byte portions of the rest of the file, one at a time.
- Collect all the values from that iterator into… oh!, a `HashSet<&[u8]>` because Rust can tell what the type of the target variable is, so why make me repeat myself?
Rust isn’t magic. Other languages can do similar things if you poke at them enough. It’s more that 2 lines of builtin Rust can readably implement a reasonably sophisticated set of operations that get compiled into a static executable. That’s a very pleasant combination of features.
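A runnable version of the two-liner above, added here as an example and not the author's code: constructed sample bytes stand in for `data.bin`, and `records_lenient` / `records_strict` are hypothetical helper names. It also shows what `chunks(10)` does when the payload is not a multiple of 10 bytes, next to a stricter variant built on `chunks_exact`.

```rust
use std::collections::HashSet;

// Constructed stand-in for data.bin: a 7-byte header, two complete 10-byte
// records, and 3 stray trailing bytes (a truncated final record).
const SAMPLE: &[u8] = b"HEADER:0123456789abcdefghijxyz";

const HEADER_LEN: usize = 7;
const RECORD_LEN: usize = 10;

/// Same shape as the two-liner: skip the header, split into records, collect.
/// `chunks` emits a short final chunk when the payload is not a multiple of
/// RECORD_LEN, so a truncated record lands in the set as a valid entry.
/// Indexing with `[HEADER_LEN..]` panics if the data is shorter than the header.
fn records_lenient(data: &[u8]) -> HashSet<&[u8]> {
    data[HEADER_LEN..].chunks(RECORD_LEN).collect()
}

/// Stricter variant: returns None for data shorter than the header or with a
/// trailing partial record, instead of panicking or silently accepting it.
fn records_strict(data: &[u8]) -> Option<HashSet<&[u8]>> {
    let payload = data.get(HEADER_LEN..)?;
    let chunks = payload.chunks_exact(RECORD_LEN);
    if !chunks.remainder().is_empty() {
        return None;
    }
    Some(chunks.collect())
}

fn main() {
    let lenient = records_lenient(SAMPLE);
    println!("lenient entries: {}", lenient.len());
    println!("partial record accepted: {}", lenient.contains(&b"xyz"[..]));
    println!("strict on sample: {:?}", records_strict(SAMPLE).map(|s| s.len()));
    // Dropping the 3 stray bytes leaves a well-formed file.
    println!("strict on clean: {:?}", records_strict(&SAMPLE[..27]).map(|s| s.len()));
}
```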
The hen is very curious about my lunch.
Today’s spam starts:
How are you doing? I’ve been following you on LinkedIn for a while now and wanted to reach out to say that I absolutely love your background. I have a Business Opportunity that I would like to discuss with you for mutual benefit.
That’s a new one for me.
My wife took a vow to put up with me 25 years ago today. Since then, she’s been my ride-or-die best friend through our many grand adventures. We didn’t always know how they’d work out. We’ve always gotten through them together. I know there’s nothing too big for us to face side by side.
Here’s to the next 25, my love, and all the others after that.
Project dream 1:
- Toss and turn all night, thinking of a million things to be done, going in deep to solve some hard problems.
- Wake up and remember none of that exists. Relax. Laugh.
Project dream 2:
- Same as above.
- Remember, oh yes it does.
- Desperately make notes before it goes all Xanadu to your Coleridge.
- Sit in a cold, panicked sweat for a little while.
It’s been a long week already, it’s Tuesday, and I haven’t even returned to work yet.
We survived Def Con. Barely. It was about as much fun as I’m physically able to tolerate in 1 week. Highlights:
- Meeting many online friends and finding out they’re all delightful in person.
- Seeing it all through my first-time-attendee wife’s eyes as we meandered through it all.
- Coordinating, conspiring, and scheming face-to-face.
- Being on the team taking 2nd-place in the EFF Tech Trivia contest.
- Oh yeah, the parties.
We’re both happy, grinning, utterly exhausted, energized, and ready for next year.
Best Buy’s new anti-privacy practices are even more awful than before. They’ve lost any business I’d ever be sending them after this.
Def Con badge acquired. Most of the way through the merch line; another 4 hours at most.