Rotary Cellphone

Hey, remember that rotary cellphone? Now you can buy one!

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , ,

QR scanning

Dear Lazyweb,

Is it possible for JavaScript on iOS to scan a QR code using the camera, and return the scanned data to the caller?

As always, please only respond with things that you have seen working with your own eyeballs. I see a few things that maybe purport to do this, but they don't work.

We check people off of our guest lists using a JavaScript-heavy web page on various tablets, and it might be a little faster if, instead of needing to scroll to the customer's name, we could just point the tablet's camera at a QR code that the customer is waving at us.

Update: This one seems to work well so far.

Previously, previously, previously.

Tags: , , , ,

This is magical

Via, but I couldn't find the original GIF.

And because I had to know: yes, every frame decodes properly.
And nearly all of the animated bits are necessary for proper decoding.

Update: A generator: Amazing QR.

Previously, previously, previously, previously, previously, previously.

Tags: , , , ,

So, how was your week?

Some excerpts from Violet's pandemic roundup:

Palm Springs Desert Sun reported Coachella Valley cases were up 77% following first weekend of Coachella.

Coachella's first no-vax, no-test, no-mask weekend adds to a growing list of bands and performers "cancelling shows, abandoning tours, sick and/or stuck in quarantine far from home." Positives came for Bob Mould, Jon Spencer, Low, Superchunk, and many more. [...]

"Unfortunately, the idea of one-way masking is better in theory than in practice." See: What is one-way masking, and does one-way masking work? [...]

An unqualified Federal judge in Florida on Monday struck down the CDC's mask protections on airplanes, trains, and other public transit. [...] Airlines immediately announced to passengers it was safe to unmask while in airports, or mid-flight, endangering those at-risk or traveling with children under 5. Flight attendants and pilots chided those who continued to mask. Uber and Lyft followed suit.

Delta Airlines announced the change with a false statement, that Covid-19 "has transitioned to a seasonal virus." [...] Further, "Delta Air Lines and United Airlines will allow customers previously barred from flying for failing to wear masks to board flights again."

Perhaps Delta should change its name to Omicron. [...]

"BART, SF Muni, Caltrain [...] all initially announced that they are making no changes to their current masking policy, keeping the mandate in place for now." However, BART has stopped enforcing mask requirements on trains. [...]

The San Francisco Chronicle on Tuesday ran a headline saying that masks don't work. One of the authors was UCSF's Dr. Monica Gandhi.

Previously, previously, previously, previously, previously, previously.

Tags: , , , , ,

WYSIWYG WordPress comments?

The comments field on this here blog feels Very Nineties, what with making you type in HTML by hand, like an animal. Is there some plugin that isn't a massive security hole that gives you a bold/italic/link toolbar and such?

This is hard to search for, as the WordPress plugin space is polluted with rentiers and data brokers who want to help you move your comments off of your computer and onto theirs.

If you're going to suggest TinyMCE, you probably shouldn't. All I know about it is that URLs with that name in them are frequent targets of botnet probes here, and that strongly suggests that it does not have a security track record that one would consider stellar.

I see that at some point in the past decade or two, HTML got a contenteditable attribute that you can tack onto any old element, which I find honestly shocking! And that page contains "Example: A simple but complete rich text editor" in 152 lines of code. Should I just use that? It seems to work kind of poorly on iOS, but it does work... And here's another one.

I'd rather just install something that build my own out of constituent parts, though. Unless that would be insecure, or have a list of frameworks and package managers as long as my arm (as is the fashion these days).

Note that I am talking about editing comments, not posts (the thing that you are typing into right now, not the thing that I am typing into right now.)

Update: I got it working with Trix. It was a lot more work than I would have hoped! It seems like a very good editor (and they did the cross-platform work, which is no small feat) but the documentation is nearly nonexistent. Take a look at trix-jwz.js to see the brain surgery I had to do on it just to get it to allow you to embed an IMG or YouTube video.

Also, here's a fun one: it uses embedded SVG icons for the buttons, which is cool, but they are black-on-transparent. Guess how you turn such an SVG into green-on-transparent in CSS. Because I asked the question, you already have the sinking feeling that it's not the "color" property. Nope, it is:

    "filter: invert(68%) sepia(36%) saturate(6175%) hue-rotate(79deg) brightness(115%) contrast(128%)"

Anyway, let me know if you notice any problems.

Previously, previously, previously.

Tags: , , ,


Sarah Sitkin:

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , ,

DNA Lounge: Wherein we surrender unconditionally to the coronavirus.

We deeply regret to inform you that we are no longer requiring proof of vaccination to enter DNA Lounge.

Let's start with some facts:

We held out until the bitter end. DNA Lounge was among the first nightclubs to require proof of vaccination, long before it was legally required. We were the only nightclub to actually verify that proof by scanning QR codes rather than accepting any old easily-photoshopped picture.

But within the last few weeks, nearly every other nightclub has stopped requiring vaccinations. We surveyed 40+ venues, and it's basically universal at this point. Most of them haven't made any announcement of this, they just quietly stopped. A few have updated their web sites with the new policy, but many have just scrubbed the word "COVID" from their web sites entirely.

So why are we following suit? Because we can't afford not to.

Being the only nightclub checking vaccination status doesn't really do anybody any good. It costs us business without actually making anyone safer, since all of our customers are going to be comingling with the unvaccinated at every other club and restaurant in town. (It's like you're at an orgy with a hundred people and there's one dude wearing a condom.)

And because it has been making booking be more difficult. We've lost some shows because the artists' agents believe, rightly or wrongly, that our vaccination policies will mean lower attendance.

And because our COVID grant money is about to run out. We can't afford to continue excluding such a huge proportion of our potential customers when none of our competition are doing the same.

"I wish the nightlife community would come together and have consistent vaccination policies."
"Wait, no, not like that."

Venues that are no longer requiring proof of vaccination include:

All of the AEG Golden Voice venues (Warfield, Regency, Great American Music Hall, Coachella); all of the Live Nation TicketMaster venues (Fillmore, Masonic); all of the Another Planet venues (Greek Theatre, Bill Graham, The Independent), 1015 Folsom (but their vax checks had always been performative at best), Midway and Great Northern (they never checked at all, that's probably why Breed likes partying there); Cat Club, Yolo, Audio, Oasis, Temple, The Chapel, Public Works, August Hall, The Grand, City Nights / Club X, Cafe du Nord, Swedish American Hall, Bottom of the Hill, Brick and Mortar, Neck of the Woods, Bimbo's, Monarch, Holy Cow, Halcyon, F8, End Up, Ivy Room, New Parish, and UC Theatre.

We didn't check in on every corner bar, but that's most of the larger places, and it's certainly a statistically damning sample. Also, a couple of venues on that list are accepting a negative test result in lieu of vaccination, which counts as not checking at all. You can be infectious and asymptomatic for a week or more before a test shows positive.

There are lots of things that we could be doing to bring this pandemic to an end, but we as a society are simply not doing most of them.

We can all look forward to years of people telling us, "It's just a cold, everybody gets it twice a year, whatever." And your personal experience may support that in the short term, because with vaccinations, probably very few people you know will be hospitalized. But Long COVID is a god damned hurricane of multiple sclerosis, diabetes, chronic fatigue, weird clots, loss of lung capacity, brain damage, and inexplicable neurological conditions, and it's coming right at us.

And in this hurricane, instead of building levees and storm drains, the government is telling us, "everybody should take personal responsibility for deciding what level of moistness they are comfortable with".

And in this hurricane, as it uproots trees and batters your storm windows, your friend rolls their eyes and asks, "Are you just going to stay home forever?"

To the many of you who have thanked us for our policies, who have told us that DNA Lounge was the only venue in which you felt safe -- because we were the only ones who seemed to be taking this pandemic seriously -- thank you for your support. And I'm sorry. We are no longer able to provide you with that island of safety.

A while back someone on Twitter said something like, "I'll be wearing a mask at all shows until DNA Lounge says you don't need them at theirs." That was a very nice thing to hear, a vote of confidence in our science-based policies.

To be clear, that is not what we are saying.

What we are saying is, you should absolutely still wear a mask, and you should only congregate with others who are all masked and boosted. But DNA Lounge can no longer mandate that, because Capitalism Says No.

We are welcoming back with open arms the unvaccinated, the unboosted, the unmasked. We intend to pack them in, shoulder to sweaty shoulder, spittle flying everywhere. We are doing this because we can't afford not to. Much like our mayor, and the CDC, we are not following the science, we are following the money.

If that sounds horrible to you, that's because it is.

Tags: ,

Excess deaths

The Economist has published many interactive graphs:

Although the official number of deaths caused by covid-19 is now 6.2m, our single best estimate is that the actual toll is 20.7m people. We find that there is a 95% chance that the true value lies between 14.4m and 24.3m additional deaths.

Including their methodology and source code.

This article summarizes: What a Single Metric Tells Us About the Pandemic:

As a measure of pandemic brutality, excess mortality has its limitations -- but probably fewer than the conventional data we've used for the last two years. [...] It accounts for huge differences in the age structures of different countries, some of which may have many times more mortality risk than others because their populations are much older. And to the extent that the ultimate impact of the pandemic isn't just a story about COVID-19 but also one about our responses to it -- lockdowns and unemployment, suspended medical care and higher rates of alcoholism and automobile accidents -- excess mortality accounts for all that, too. [...]

But the U.S. took the opposite course. In 2020, the U.S. had done a bit worse than average among its OECD peers. In 2021, when pandemic outcomes were often determined by the relative uptake of American-made vaccines, the U.S. did much, much worse than that. In country after country in Europe, the pandemic killed a fraction as many last year as it had the year before. In the U.S., it killed more. A year ago, it was possible to defend the American record as merely below average -- worse than it should have been but not, judging globally, cataclysmically bad. Today, it is cataclysmically bad, which is both outrageous and ironic, given that it is largely American vaccine innovation that has changed the pandemic landscape for the rest of the world. [...]

How did this happen? The answer is screamingly obvious, if also, in its way, confusing: The U.S. drove an unprecedented vaccine-innovation campaign in 2020, which empowered much of the world to turn the page on the pandemic's deadliest phases, then, in 2021, utterly failed to take advantage of its power itself. But what is perhaps even more striking is that American vaccination coverage isn't just bad, by the standards of its peers, but getting worse. About two-thirds of Americans have received two shots of vaccine, a level that is in line with Israel and not far off from the U.K., though below many other wealthy countries. [...]

But over the last six months, the country has had an opportunity to make up that gap with boosters and has simply not taken it. Only 29 percent of Americans have had a booster shot of vaccine, which puts us behind Slovenia, Slovakia, and Poland and means that less than half of those people happy to be vaccinated a year ago have chosen to get a third shot through Delta and Omicron. Booster campaigns seem like an obvious opportunity for easy public-health gains, yet remarkably few Americans seem to think it's worth the trouble.

And here's an email exchange I had just yesterday. We are catastrophically fucked.

From: ...


I am vaccinated but don't have my booster, me and my friends would like to come to DNA lounge and I had a lot of fun last summer but haven't been able to anymore, is this going to change anytime soon?

Let me know,


To: ...

Go get a booster.

From: ...

I have had covid twice... I don't see the point

Previously, previously, previously, previously.

Tags: , , , , ,

Contra Chrome

At first I misunderstood this, and thought that Scott McCloud ("Understanding Comics") was having some serious remorse over having taken Google's blood money, but no, this is an outstanding remix of his product brochure by Leah Elliott:

Contra Chrome: How Google's Browser became a threat to privacy and democracy:

With her meticulous rearrangement of Scott McCloud's Google-commissioned Chrome comic from 2008, she delivers what she calls "a much-needed update". Laying bare the inner workings of the controversial browser, she creates the ultimate guide to one of the world's most widely used surveillance tools.

Interestingly, Google released McCloud's original propaganda piece under the "CC BY-NC-ND" license. Creative Commons, that's good, right? Well, that particular license explicitly prohibits "derivative works". Fortunately this is a textbook example of the fair use exemption to copyright law: a derivative work making extensive use of the original in order to comment on that work itself.

"Fair Use", of course, is a concept that is entirely inimical to Google's entire product line. They're working hard to eliminate it through a new lobbying effort called "Notice And Stay Down", which would essentially require every web site to implement a Youtube-style, automated, fair-use-ignoring, copyright-maximalist Content-ID system. And since building those is hard, it means that everyone would have to just license Google's.

Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , , ,

MITM Instagram

Dear Lazyweb,

It has been over two years since I last asked this, so I'll ask again:

How do I mitmproxy the Instagram app, from macOS, iOS (real or emulated), or Android (emulated)?

Answer only if you've seen it work with your own eyeballs, please. No guessing. No "here's a 4 year old page that says it should work."

Please read the extensive comments on the previous post for all of the things that didn't work last time.

Last time, I was able to solve my problem by proxying the Flume app, but it hasn't been updated in 3 years and that binary now crashes at startup, even on macOS 10.13.

The proximate goal is to figure out what goes in a 'configure_to_story' request when adding a 'link' sticker, using the private instagram API.

Previously, previously.

Tags: , , , , , , ,

  • Previously