.Org is Safe!

I wrote some time ago about ICANN, the organization that oversees top-level-domains, was attempting to sell the .org TLD to a private equity firm with a questionable record. Well, today they were finally defeated.

This was a contentous issue with many users, including users like myself who own .org domains. A private equity firm is not exactly the kind of oversight and governance that a non-profit would likely enjoy. The equity firm could charge any sort of pricing they so desired, even hold it over some “less favorable” organizations as leverage.

Additionally, Ethos Capital seems to have wanted the non-profit entitiy that controls the .org TLD so that it could load it up with debts from other controlled subsidies. What a terrible deal. The org domain registry is an organization that actually makes money off of the fees associated with registration.

The sale threatened to bring censorship and increased operating costs to the nonprofit world. As EFF warned, a private equity-owned registry would have a financial incentive to suspend domain names—causing websites to go dark—at the request of powerful corporate interests and governments. 

EFF – From the article

Powerful entities fought for this verdict, including California’s Attorney General, Members of Congress, the UN, The Girl Scouts of America, Wikimedia and more. This is a powerful win for freedom and open access. While this was well deserved, we need to make sure this doesn’t happen in the future.


Python Games

Yesterday, I posted about being generally uninterested in programming. Burnout is a pretty common case, and add on my preexisting condition, and you’ve got yourself an issue. In order to combat that, I decided to take up learning a very popular language: Python. I’ve always admired Python from afar. It seemed like a well-organized language with some interesting components. There is a module for everything and while performance isn’t quite as fast as C, it’s interpreted, so it’s to be expected.

To that end, I began writing a small game. Just guess a randomly chosen number in a range. You get a couple of attempts. Nothing hard, nothing that I’d have to dig too deep into learning how the whole thing works. A test to see if I enjoyed it.

I did enjoy it. For the most part. Learning (or relearning) the Python grammar after being embedded in C-styled languages for so long was a little bit of a hurdle. Overall, I was able to get things put together pretty well. I think I’m going to continue to extend and learn more about the deeper functions and modules available in core.

I’m not unfamiliar with programming, though, I’m sure Gordon Ramsay is not far off, eying my bread for a little sandwich making.

Idiot Sandwich

If you want to follow along, you can check out the edits and commit history I’ve posted to the repo. I may even enable issues to allow people to chime in where I might have done something wrong.


Broken Programming

I think something is wrong with me. I have, in the past, been an avid programmer. Programming was something I could do and it made me happy because I was able to affect change in the world, even at a small level. I spent many-a-year debating text editors, programming languages and generally being in it.

I don’t anymore. What I mean by that is that I don’t care for, or find programming fun or satisfying anymore. Even with this blog, I’m using the default twentytwenty theme with some modifications for color and other minor tweaks. I used to write my own themes and build my own components. I would labor endlessly over the smallest details, and tweak things until it was made “correct” in my eyes.

Now? Now I can’t be bothered to even open a text editor except out of novelty. I banged out a couple of lines of code that I modified from Kev for old posts, I dropped in some CSS to make it look okay and I was done. Opening a modern theme is like wading into a jungle of templates, CSS, JavaScript, Node.js, build systems and more. Even with IDEs like PHPStorm, I just can’t muster the energy to work on it.

I think I’m broken. Or at least I’ve broken my desire to code. I wonder if I wore it out, or if it’s a “young man’s game” and I’ve just past my prime. I don’t think that is the case, since I threw together a 500-line collection script for work that I was plenty interested in a week or two ago. No, I think my problem is it’s all so complicated now. The barrier to entry is high. Really high. You need to have gigabytes of compilers, build tools and linkers to just even bang out a “Hello World”. I feel like we’ve built this digital Tower of Babel and it’s looking a little creaky at this height.

Back in My Day!

The wonders that modern-day systems have brought is amazing. When I was a kid, using computers meant you knew something. It was a talent. Most people either did basic data entry on it or were programmers. Anything in between was hard to find. I guess that makes me an old man yelling at a cloud.

A screen grab from a Simpsons episode. A hand is holding a cut out from a news paper. On the clipping, a picture can be seen of an old man shaking his fist and yelling angrily at a cloud. The article is entitled "Old Man Yells at Cloud"
Back in my day, clouds were just clouds, not other people’s computers!

Maybe I should pick up C, or Python and kick around some simple programs. Get an idea for something and work on it until completion. A sort of hobby project. I’m fighting for time less with video games as of late, so I might be able to squeeze in something like that.


Procrastination Monkey

Hi, my name is Nathan and I am a habitual procrastinator. I spend more time wasting time than I do, doing something productive. While that’s not always bad, it does hinder my ability to thrive. This TED Talk on procrastination I just watched (instead of doing my job) explains this perfectly.

A crude drawing of a person's head. Inside of this head is a space where a man stands behind the wheel of an old sailing ship, a monkey stands next to him. The man is labeled "Rational decision-maker" and the monkey is labeled "Instant Gratification Monkey".
Actual picture of the inside of my brain.

I have been like this all my life. I spend hours doing something that feels good now, but when it comes time to do something less fun, but needed, I end up hanging out with the monkey. This comes into clear relief many times in my life. Even this morning, I have a pile of stinky dishes to take care of, but I’d rather be here, writing about procrastination. Or, perhaps it was better expressed when I was looking for a job and spent almost 8 hours watching cut scenes from Metal Gear Solid.

Procrastination exacerbates my depression. I spend a fairly significant portion of my time worrying about deadlines and responses and the fact I haven’t done something I should have, than I do on actually doing those things. I worry to the point of being sick, or end up spending frantic, stress-filled hours trying to complete a task that I could have chunked up into smaller bits. Ironically, I usually have to tell my son “not to eat the elephant all in one bite” when he panics about his workload. I appear to need the same advice.

Hello darkness, my old friend…

Procrastination vs. Grit

My wife calls her almost obsessive level of work ethic “grit”. That seems pretty accurate. She has the willpower to dig in and get things done, even if she hates them. If it needs to be done, it’s rare that she’s not holding the banner and leading the charge. I am often in awe of her power, but I seldom wish I had that much myself.

I know that I have concentration issues, with some topics. Things that don’t interest me are difficult to get traction on. Subjects like math or politics, history or social studies. If I’m not “in to it”, you’ll find it hard for me to get anything but the bare minimum done. Many of the tasks aren’t even hard. They’re just monotonous, or boring, or drudge work. I would rather spend time day dreaming than do much of that.

How to Fix it?

I’ve discussed this with my therapist a couple of times. Generally it’s a matter of getting started that makes the most difference. Just taking a few dishes out of the dishwasher, or picking up a few things around the house is enough to push the monkey off the wheel. While I may not entirely finish that task all in one attempt, at least I’ve made it easier for Future Nathan to pick it back up and have an easier time completing it.

What I wish my project timelines looked like.

Tim Urban, the man in the TED talk, also has some advice for procrastinators that I think I’ll be looking at as well. Much like depression, procrastination doesn’t seem like it’s a “curable” thing. You just have to know how to manage it for yourself.



Inspired by a post made by Sheogorath from Shivering Isles (yes, that Sheogorath, from those Shivering Isles), I recently implemented a Content Security Policy on my site to help frustrate third-party tracking systems and reduce reliance on externally hosted tools. There are some exceptions to this policy, like ShortPixel’s CDN, or ( in this case) that I allow for better performance. The idea is that I can advise the browser to not allow connections outside this website (and the above exceptions), which means that there is less likelihood that a piece of malicious content could start sending data to someone else.

How I Implemented It

Previously, I implemented these rules with a WordPress plugin called “HTTP headers to improve web site security“. This long-named plugin allowed me to set various options for these security rules, all I had to do was provide them. One of the biggest issues I found with the tool was that it lacked a “Report URI” directive. This directive allows me to have the browser report a flagged piece of content on my site, which in turn allows me to fix or remove it.

Since I’m no stranger to PHP and plugin development, I downloaded a copy and cracked open PHPStorm to inspect it. I was not impressed.

While the plugin works, it’s a mess of spaghetti code and one-off statements that don’t make much sense. In this moment I briefly thought of cleaning this up and releasing my own plugin to improve upon this. That moment faded when I realized what I was actually looking to do. Add a single header to the request. This could be done much more simply.

Content Security Policy in functions.php

I had some changes to the TwentyTwenty theme that I wanted to port from the modifications I had made to the TwentyFifteen theme I was using prior. Namely the ‘old content’ banner. This was a perfect time to implement a child theme for TwentyTwenty and add my header information.

Once I added the bare-bones child configuration, and the old content banner, I set to work adding headers. Headers can be kind of tricky in PHP. If you add them ‘too late’ in the script, they can be missed as PHP tries to get all the content out to the user as fast as possible. That means if your headers are buried in some deep dark section of a theme… well, you’re likely to miss it.

Thankfully, WordPress has a ‘send_headers‘ hook that allows you to ensure that your modifications get sent to the user in a timely fashion. With all that said, here’s the final product:

function twentytwenty_child_csp() { header( "Content-Security-Policy: connect-src 'self';default-src 'none';font-src data: 'self';frame-src 'self'; img-src data: 'self'; media-src data: 'self'; object-src data: 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; base-uri; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri" ); } add_action( 'send_headers', 'twentytwenty_child_csp' );

Yes, that big mess of a CSP is a single line of data. Ugly, but that’s the spec. As you can see, I added a report URI to the end so I can keep tabs on anything suspicious.

Privacy Concerns?

The nice thing about Report-URI and CSP, no IP addresses or other information is logged. When I get a hit, this is what I see logged:

{ "csp-report": { "blocked-uri": "", "document-uri": "", "original-policy": "connect-src 'self'; default-src 'none'; font-src data: 'self'; frame-src 'self'; img-src data: 'self'; media-src data: 'self'; object-src data: 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; base-uri 'none'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri", "violated-directive": "img-src" } }

Just the facts.

I honestly don’t like logging more than I have to. This is more of a security context thing, so I’ll allow it. Plus it’s up to the browser to actually take action on. All entirely voluntary.