This is mostly on-purpose research. More passive input, things encountered by chance or in a similarly roundabout way, is filed under ephemera. See also output.

Just pushed an update to this site.

The Browse page is now mainly an index of taxonomies and archives (years, post formats, categories, tags). This new index replaces the opacity-based tag cloud. I kind of miss it, but it was problematic. Very hard to digest, and the lighter greys were way too low-contrast.

Besides the index, most of the changes are related to accessibility. I focused on making the tabbing experience a bit better, introducing a couple skip links. Note that I haven’t totally ironed out the tabbing… Most of my manual testing for this update was done in Chrome. I checked it briefly in Safari and it’s pretty weird, but I think it may have to do with the default Safari settings. I haven’t adjusted these yet, read more about Safari tab settings on a11yproject.com. Besides the tabbing, I also had a handful of links that weren’t suitably descriptive, particularly on the new term index. I added more aria-label attributes where I could. See the “Using aria-label for link purpose” page on the WCAG wiki for more info.

I’m trying to work on accessibility a bit more on an ongoing basis. Need to take a little dive in to this Hacker News thread, via this tweet.

See also:

There are probably a million a11y optimisations I can / should still make on this site. Suggestions are very welcome.

The experience of the Self that is given in the existence of a personality comprises five conditioned attributes, namely, corporeal form (rûpa), sensations (vedanâ), perceptions (saññâ), emotions (sankhâra) and consciousness (viññâna). These five clusters (pañca khandha) determine all the body and mental phenomena of our contingent and finite experience. The North–American Buddhist philosopher Robert Thurman gives us vivid images of each of the mentioned elements:

We begin by looking at the body. We can […] thump our chests and say, ‘I’m me’, but surely we are not just a bunch of ribs. We look in the mirror and say, ‘There I am’, but we say the same thing when we see old snapshots of ourselves […] We can explore cells, axons, and dendrites; molecules, DNA, and RNA; atoms, subatomic quantum particles, unnameable forces and energies. Nowhere we can find anything still, static, independent. […]

We can move on to our minds and begin by sifting through our feelings, sensations, pleasures, pains, or numbnesses. […] I investigate my sensory surfaces and, after some time, give up finding any stable, self–sufficient ‘I’ anywhere along them.

Then we can move into images, words, symbols, ideas, concepts, mental pictures. This at first seems promising. ‘I’ is a word, after all. The names ‘Alice’, ‘Joe’, ‘Carol’, and ‘Shakyamuni’ all are nouns. When I pronounce my own name, ‘Bob’, does an image of myself arise in my mind? Is it a recent snapshot of my face? […] A curriculum vitae? A biography? Is it a favorite logo? A trademark? A symbol? […] None touches the essence of ‘me’. […]

We can move deeper into the motions of the mind, into emotions. When ‘I’ love or am in love, I feel powerfully present, even in the moment of feeling that solidity melting. When ‘I’ hate, I am carried away by destructive impulses […] – all these energies seem to take hold of ‘me’, or seem to emanate from ‘I’. But as I think them through, observe them in actuality or in memory, they seem fully bound in relationships. […]

At last we come to awareness itself, to look at our very consciousness […] But to turn toward my center of awareness, I have to tell my awareness to turn back on itself.

Thurman, Robert, Inner Revolution: Life, Liberty, and the Pursuit of Real Happiness, New York: Riverhead Books, 1998 (pp.74–79)

What we can say is that our personality is but the result of a combination of those five elements – to the point that the belief in its autonomy and permanence ends up being a suffering–causing illusion. In none of the mentioned clusters would we be able to detect the presence of an autonomous and unconditioned subject; therefore, the insistence in any of them will necessarily lead to suffering.

Correia, Carlos João, Personal Identity and Eastern Thought”, Filozofija i Društvo, vol 20 no 3, Belgrade: University of Belgrade, 2009 (pp.74–75)


I came across Prof. Correia’s paper when doing a bit of research on western vs. eastern perspectives on identity and the self. Side note: I don’t think I’ve ever seen such a strong profile photo as the one on Bob Thurman’s site.

70’s wallpaper in Rebecca’s Flat at Raven Row, London

Last night was my third Agorama Server Co-op meet up in Rebecca’s Flat, a delightfully dilapidated space at Raven Row. I think it was actually the fifth though, I missed the last two due to illness which was a real bummer. The weekend jam sounded particularly great.

This particular meetup was more informal and a little smaller than usual. It ended up being a really nice, wandering conversation on the multifaceted possibilities of the distributed web, what it could look like.

The notes below are a sort of a prompt dump, snippets I wrote down at the time because I didn’t want to forget it or wanted to look in to it more. See all Server Co-op write-ups here.


Dark Crystal is now up and running on Patchbay (ssb client). Got Samsung funding, woohoo! Possible to create bot that receives shard? Think they’re trying to avoid that, the human element is kind of critical.

What about physical crypto? Microdots are worth checking out. Microdot tattoos?

Asked what ppl think about potential threat of quantum computing to modern cryptography methods, response was a little not as I expected (this is why I come to these things!). Personally I’ve been feeling a little tin-foil-hat-y, but general consensus from the other voices in the room seemed to be pretty ambivalent since the theory far outstrips the practicalities currently. Which is true, but it also just feels kind of like an arms race (particularly since it involves hardware / infrastructure). Whoever cracks it first wins the golden goose unless we can come up with cryptography that works against it. GP then mentioned the post-quantum crypto contest with NIST due to end pretty soon, looks pretty promising. I didn’t realise there was that much going on with quantum resistant algorithm research, so that makes me feel a bit better. I guess my concern is still there though, to a big degree. Banks, for example, are on notoriously crappy tech that is rarely overhauled. What of them, and the other institutions we rely on? Oh lord, and voting tech…

Got talking about what I’d been up to (not much, see first para…) and mentioned that I ultimately decided not to move my site on to Dat, partly due to scale issues w/ static site generators (read more on this) but more to do with the fact that I think I’d rather use Dat for something new and neato, rather than just repurpose something that already exists and is doing ok in it’s current form. Then we started talking about static site generators more generally and someone mentioned Pelican, which I hadn’t come across before. It’s written in Python and originally released in 2010 (!), so up there with Jekyll as one of the earlier static site generators.

HL demoed his mother-of-all-apps for us, it looks *so great*! Absolutely something I would use. Really excited to see where he takes it. I need to look in to Hypercore and Expo a bit more. The first I’d heard of, the second not so much. Apparently Expo is a cross platform app framework built around React Native. Ppl could not say enough good things about it and honestly, it does look fantastic. Particularly as a tool to dip your toe in to app waters, so to speak.

Towards the end of the demo, the conversation wound through lots of different topics. Blockchain, platforms vs aggregators, a bunch of CS history (need to read more about that…), the sustainability of open source, etc. The rest of this note details snippets from this part of the conversation that I need to look in to more.

Services / apps / platforms I’d like to look in to a bit:

  • Mapeo, an “open source, offline-first map editor”
  • Manyverse, kind of Scuttlebutt for your phone but better (shouldn’t suck the life out of your phone trying to sync)
  • Node.js for mobile apps
  • Webrecorder, like a personal Wayback Machine; also, did you know you can sometimes find YouTube vids that have been taken down archived on the Wayback Machine?
  • TMYK

A reading list. (Some of these links are painful to open, some orgs really need to cool their jets on the pop-ups and trackers):

Some soundbites. These are paraphrased points made by others that I found super-relevant. Bits in square brackets are added by me for clarity:

  • “Ordering is the toughest thing to sort out” [when it comes to ledgers / append-only logs]
  • “Biggest problem with blockchain is the definition of consensus, and how to establish consensus”
  • Article 13 [aka the “upload filter” provision] is forcing people’s hand, we’re going to see a lot more of this.”
  • “So much of this bullshit has come from chasing the technology and not the needs.” Related: “But seriously… does it need to be an app?”
  • “The future of the web will be much more about interoperability than a black-and-white, decentralised vs centralised approach.”
  • “Porn is a canary in the coal mine for whether a piece of tech is ready for primetime.” [Is someone using it for porn? Ok, it’s going to gain traction.]
  • “Could we ever have another Xerox PARC?” “Probably not, research now is just too results-driven. A report every week, and sometimes the funder has already indicated what they’d prefer your results to be.”

So many distributed / decentralised web conversations get quasi-evangelical about how this or that tech will save the world. Why does it have to be winner takes it all? Different needs require different technologies.

We recognise biodiversity as a fundamental requirement of a healthy, thriving biosphere. Why don’t we champion technodiversity in the same way? Embrace the chaos.

“Moreish” is a word that doesn’t exist in American English, but it should.

We were discussing moreish-ness in relation to oatmeal cookies the other day. What makes a food moreish, something that hits the spot but also leaves a void, leaves you wanting a little more?

At the time, I felt that it requires multi-dimensionality, just enough contrast. When something is too on-the-nose, it isn’t moreish. Cookies without a pinch of salt, tomato sauce without a little sweetness.

Since then I’ve been thinking about moreish-ness a lot outside of the context of food, and the contrast idea stands up.

Outfits, websites, books, relationships. Requires more exploration.

“watermelon” by Sister Corita

We watched “Power Up: The Work of Sister Corita” this morning. The talk was given by graphic designer Barbara Glauber (see Heavy Meta and Yale School of Art) at The Cooper Union in November 2018.

It is a superb talk, and I’m beyond pleased that we were able to find and purchase a secondhand copy of the out-of-print book Someday is Now: The Art of Corita Kent online.

We have no art. We do everything as well as we can.

“daisy” by Sister Corita

Sister Corita was a nun, artist, and educator that worked in LA in the 50s-60s and in Boston later in life. See the ten Immaculate Heart College Art Department Rules.

Corita Kent used appropriation without irony or cynicism. She identified, combined, and repurposed the hopeful in the everyday. She was a prolific giver that shared seemingly without expectation of return. She used optimism as activism.

Ignore the persuaders

“r rosey runners” by Sister Corita

It is interesting that her appropriation of advertising copy seemed to wane later in life. Maybe advertising began to feel less optimistic to her, instead more sinister and insidious.

I wonder at how difficult it must have been to leave the order. Not just because it meant a return to the secular after a lifetime of regulation and restrictions, but also because it meant that she had to leave the resources of the art school, the playground she had so carefully cultivated. Her later work is still incredible, but it seems more weary and a little more laboured. “Bogged down” is one way of describing it. Her prints from the 70s almost veer in to motivational poster territory.

Salute your source

How to create or maintain the playground required for work with her sort of radical optimism? A major element is the physical space, both small (the room / studio) and large (the community / city). It is also the mental space.

Both of these spaces come at a premium now, though. I struggle to get enough of either.

It feels like there may be some sort of third space offered by working with the web, but I haven’t figured this out yet. When I try to work digitally, I get bogged down. How to experiment with the web in a way that is as gestural and intuitive as a line drawing?


  1. watermelon, serigraph, Sister Corita Kent (1965) 
  2. daisy, serigraph, Sister Corita Kent (1966) 
  3. r rosey runners, serigraph, Sister Corita Kent (1968) 

The images here are from the Corita Art Center website. See their online Collection for high-quality images and more details about her work, including transcriptions of the text within her prints.

They are currently seeking donations to acquire these pieces. Donate to the Corita Art Center here.

Q&A related to privacy-first messaging apps

I rely heavily on messaging services since many of my friends and family (probably the majority) live outside of the UK, as do some critical professional contacts. I mainly use WhatsApp for encrypted messaging but have wanted to move away from it for some time due to concerns about Facebook. The recent news regarding the integration of WhatsApp, Instagram messages, and Facebook Messenger has been the catalyst for actual change within my group of peers.

The Q&A below is an amalgamation of many different conversations I am having at the moment about moving to a more privacy-first messaging app. I have focused on Signal and Telegram for the time being since they seem to be the most likely candidates.

I’ve done my best to pull together this information in a fairly short time, and some of it is new to me. If any of it seems incorrect, let me know.


I have nothing to hide, and I have no fear of my data being used against me by a private company or the government. Why should should I make data privacy a priority when I’m choosing a messaging app?

There are many ideological arguments against the “I have nothing to hide” viewpoint, most of which I agree with. That said, it can be near-impossible to agree 100% on ideology, so perhaps it is better to consider the practical.

When your messages are not encrypted, their contents are visible to anyone that has access to them. In an ideal world that would only be you, the recipient, and whatever app you use to manage your messages. Unfortunately, the reality is more complicated and there are many weak points that can be exploited. For example, if the WiFi network you’re on is insecure, your messages will be exposed to unintended prying eyes. Think of the last time you connected to WiFi in an airport, hotel, or cafe. Was it always password protected? Was it clear who supplied the network?

You may not be worried even if your messages were compromised, surely there is nothing in your messages that could be of consequence. But what about the photos of your adorable 4 year old niece from your sister? The online banking details you sent to your partner since the rent payment failed and they needed to sort it out? The message to your worried mother about your blood test results? The company Twitter password you sent to a co-worker that urgently needed access?

There are some things that are best kept private, and encryption lets you do just that.

I’m concerned about the privacy of my data, but why should I switch when WhatsApp already has end-to-end encryption? Isn’t that enough?

It is certainly a great step in the right direction, but whether it’s enough depends upon how much you trust Facebook and how you feel about Facebook’s role in the spread of misinformation.

As things currently stand, WhatsApp’s privacy policy allows limited data sharing with Facebook even though messages are encrypted end-to-end. Since the integration between WhatsApp and Facebook is only being strengthened, I feel it is reasonable to think that the data sharing will continue or possibly grow.

I don’t personally have much confidence in Facebook regarding their use of my data, no matter how minimal, so WhatsApp is not my first choice for encrypted messaging.

Oh man, another app… I really don’t want another app

I’m with you! It’s frustrating. I don’t have a good answer for this, except that personally I’m going to try to cultivate a little more patience for multiple apps. The WhatsApp / Facebook “monopoly” is kind of what led us here in the first place.

Besides that, the best advice I can give is to frequently Kondo apps and micromanage your notifications. Smartphones give you great, granular control over notifications nowadays, so take full advantage. Turn off the chimes, turn off the lock screen notifications, turn off the message previews. It makes managing multiple messaging apps (and your sanity) a lot easier.

And finally, if you feel like one particular app is a really great fit, then advocate for it! If you’re enthusiastic about it and get your friends / family on board, you may find you have fewer apps to juggle.

My phone is ancient! What privacy-focused messaging app would offer support for my device?

It depends upon the limitations of your specific device.

Signal currently supports Android and iOS. You can find more information about Signal’s operating system requirements in their documentation. Telegram currently supports Android, iOS, and Windows Phone. You can find more information about Telegram’s operating system requirements in their FAQs.

I am not sure about the memory or disk space usage for the different apps though, this is something I would have to look in to further.

I’m very up for switching to a privacy-first messaging app, but the actual switch will involve convincing my contacts to leave too. I wouldn’t mind bringing this up, but it feels like a political decision. Political discussion is not welcome in my field / organisation / family / friend group. How can I approach this?

This is a very understandable and tricky concern. How best to approach this depends completely on your specific circumstances and relationships. It is impossible to give general advice, but I’ll give it a go.

You could delay the conversation, however I would say that even if you do not have the “should we make the switch” conversation with your contacts now, it will likely come up at some point due to the current trajectory of WhatsApp. When you do broach the subject, perhaps consider focusing on the practical upsides of switching to an encrypted messaging app (see answer to first question above for more on this).

If you feel you simply can’t bring this up, then of course you could always continue to use WhatsApp for certain conversations and use a different app for others. Though every app provider would probably prefer you believe otherwise, there is no rule against using multiple apps!

On a more general note, the mis-use of personal data has led to previously unimaginable consequences and turbulence in recent years. As such, every decision related to the transmission of personal data, even something as mundane as choosing a messaging app, is unavoidably political. So though we cannot avoid the political nature of the choice, we can control how we treat that choice. We can be passive, or deliberate.

What is preventing these privacy-focused messaging apps from being acquired by some tech giant and the cycle happening all over again?

If the messaging service is already controlled by private investors, perhaps not much. Here is a very brief summary of how Telegram and Signal are structured as organisations. Note that much of the information that follows has been gleaned via Signal article and Telegram article on Wikipedia.

Telegram is owned by Telegram Messenger LLP and has been funded by Digital Fortress LLC. They have stated that they are not for profit but are not structured as a nonprofit, possibly due to the overhead involved in setting up an official nonprofit. The sustainability of their business model is unclear, however they did put together an Initial Coin Offering (ICO) to fund a new blockchain platform and cryptocurrency. Activity around this seems to have halted in early 2018.

Signal is owned by Signal Messenger LLC which is funded by the Signal Foundation, a 501(c) nonprofit organisation whose mission is to make “private communication accessible and ubiquitous”. Much of the funding ($50 million) used to create this nonprofit came from Brian Acton, a WhatsApp co-founder. Acton left Facebook in late 2017 and is now the foundation’s Executive Chairman. Signal’s open source Signal Protocol is said to be used by a number of large entities (including WhatsApp) for encryption. Part of Signal’s ongoing business model may be to offer services in relation to their protocol, though that is just speculation.

Because of Signal’s nonprofit status, I feel more confident in Signal’s longevity as an independent entity.

Regardless, there will always be churn in this sector, so I would expect to switch again some day. I look at switching messaging apps in a similar way to how I look at switching banks. It is a big hassle to switch, but eventually the arguments for leaving outweigh the reasons to stay. So I switch, and then I keep tabs on it to ensure it remains the best of the options that are open to me.

I really rely on [insert very specific feature]. Would another privacy-focused messaging app support the features I need?

Perhaps! The best place to find out is the app’s own website, they’re jumping to tell you all of the great things their app can do. Another place that might be worth checking is Slant.

Personally, I am most concerned about conversation backups and mute / unmute capabilities.

I want to have some way of backing up my conversations in case I ever lose my phone. But with convenience comes a cost. Backups are notoriously tricky with encrypted messaging since they introduce another potential weak point, the server that stores the backup. With Signal, you can back up on Android but not iOS (though iOS backups do seem to be on their roadmap). Telegram seems to allow backups of some sort, but it is unclear what this means for encryption. The only easily-available information I could find currently was their related FAQ “Why not just make all chats ‘secret’?” and their founder’s blog post “Why Isn’t Telegram End-to-End Encrypted by Default?

Both Telegram and Signal seem to support conversation muting according to various documentation and articles I found online. The muting duration and other functionality offered by each service will likely be slightly different from WhatsApp.

If I’m going to switch to a more privacy-focused messaging app, which app should I choose?

The three biggest factors in choosing a messaging app are probably the user base, features, and data privacy.

From a data privacy perspective, Signal is likely the best choice. Signal is fully open source, meaning that the security in every aspect of the service can be reviewed and is publicly-verifiable. Though Telegram has an open API and protocol, the backend software is not open source so the security cannot be fully evaluated by a third party.

From a features perspective, it is probably safe to say that WhatsApp is the most fully-featured encrypted messaging app out there currently. It is hard to tell how those features might change over time in light of Facebook’s plan to integrate it with Facebook Messenger and Instagram. Telegram used to be more fully featured than Signal, but at the moment it seems about neck-and-neck.

In terms of user base, it seems impossible to get very accurate numbers. The better thing to do, perhaps, is to just ask around. See what your friends and family are already using. There is a very good chance that certain circles will prefer one to the other. Personally I have more friends on Signal than Telegram, but that may relate to the sector that I work in.

But as a final point, maybe just don’t choose. There is nothing wrong with using multiple messaging apps. I use FaceTime and iMessage with my family because they all happen to have iPhones (though Apple’s not perfect!). I use Signal with lots of friends. I’ll probably hang on to WhatsApp ultimately as well, for a little while at least, since certain contacts are going to struggle to switch to a different app for one reason or another.


A closing thought. Though I’ve focused on Telegram and Signal here, there are a lot of other encrypted messaging apps out there to explore.

For mobile, take a look at Viber, Line, Threema. For business-y stuff, maybe take a look at Wire or Keybase. If you’re just talking desktop and are interested in getting a little techy, check out Freenode and Scuttlebutt.

This is a conversation worth continuing.

I’ve been spending a bunch of time on the Host site recently and just wrote up some thoughts about working with Netlify CMS and GitHub Pages on SB-PH’s tucked-away blog.

TL;DR
Though it’s an unusual setup for a client site, I like the stack and would consider using it again for a similar project.

Read post

Edit 23 Jan 2019
I just deployed some small fixes (force curly quotes via the smartify filter, prevent Cards from showing if no image), but the site doesn’t seem to be updating. It’s updated if I navigate to https://hostofleyton.com/index.html but not https://hostofleyton.com. Kind of weird. This StackOverflow thread seems useful, as does GitHub’s own troubleshooting page.

Surfing with coffee #5. Order of exploration:

A
Noticed that HB starred Samiz-Dat on GitHub (↓B)(↓C)(↓D)

B
Hyperreadings (↓G)

C
Distributed, a book from OPEN Editions that “focusses attention on the act of distribution as a subject for serious creative consideration and one of great social and economic importance”. (↓D)

D
bradhaylock.com (↓E)(↓F)

E
Searched for Brad Haylock on Twitter. (↓L)

F
Surpllus (↓H)

G
Kenneth Goldsmith reflecting on the current state and possible future of UbuWeb after 15 years. Also relevant to the Whyspace event last Wednesday. “For the moment, we have no competition, a fact we’re not happy about. We’re distressed that there is only one UbuWeb: why aren’t there dozens like it?” (↓I)

H
Searched for Surpllus on Twitter. (↓L)

I
UbuWeb Twitter feed (↓J)(↓L)

J
RIP Filmstruck (↓K)

K
A wild, multi-armed internet search for an independent video rental hole-in-the-wall I went to probably around 5-6 years ago. Spent 20 minutes searching and couldn’t find it. Asked SB and he figured it out in about 30 seconds, see The Film Shop in Stoke Newington. Looks like it has probably gone the way of most other video shops though. :(

L
Hate how heavily I rely on Twitter to keep up with interesting peoples’ activity, especially after this past Saturday. Look in to alternative methods of creating/curating feeds outside of the social media rat race. (↓M)(↓N)(↓O)

M
Hardly Everything, “your feed with a cadence”.

N
Reeder for iOS and Mac (I think this is what SB uses).

O
Search for self-hosted RSS, came across Awesome self-hosted repo. See Feed Readers section specifically.

Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.

Read more

my experience getting up and running with Homebase

I finally got round to exploring Homebase yesterday (jump straight to setup steps). My original intention was to get the SB-PH site on Dat + HTTPS à la this blog post by Tara Vancil. As far as I can tell though, without multi-writer support in Dat this setup would effectively lock Sam out of being able to quickly deploy changes. We’re interested in making that site a little bit more of a collaborative sandbox, so making deployment harder than it is currently is not the right step to take there.

So though I definitely want to get the SB-PH site on Dat eventually, we’re putting that on hold for now and I’m pivoting towards my site. In this blog’s earliest incarnation it was on Tumblr, and for a long while now has been a pretty standard WordPress site. The big task in moving to Dat, besides figuring out Homebase, is converting my site from WordPress to a static site via Jekyll/Hugo/Eleventy/GatsbyJS or something similar. It’s taking a while, I didn’t realise quite how much content has accumulated (1000+ tags?!) and there are a few WordPress-y features that I definitely want to build in (“more” tags, descriptions for tags+categories, proper pagination, etc.). More on that in a separate note.

So yesterday I put that aside and focused on getting Homebase up and running on a DigitalOcean droplet. Overall, setting up Homebase wasn’t too bad. The most involved part of the process was setting up the server. I kind of like tinkering with server stuff, so that’s cool. I 100% agree with the caveat at the top of the Homebase README, you should consider Homebase only if you’re comfortable with and interested in server administration. I would add that your interest should be *ongoing*. Servers take maintenance (related, see note on serverless setups). It’s your responsibility if a process stops running, or the software is out of date, or the Let’s Encrypt certificate doesn’t renew, etc. Hashbase looks like a great alternative for those that want the final result but don’t want to deal with the server configuration/maintenance.

The rest of this note is an outline of the steps I took to get Homebase working. Where good documentation exists elsewhere, I have linked to that instead of elaborating.

Read Homebase setup steps