
13
In “Towards a standard for bearer token URLs”, I described a URL scheme that can be safely used to incorporate a bearer token (such as an OAuth access token) into a URL. That blog post concentrated on the technical details of how that would work and the security properties of the scheme. But as Tim Dierks […]
over a year ago


More from Neil Madden

The square roots of all evil

Every programmer knows Donald Knuth’s famous quote that “premature optimization is the root of all evil”, from his 1974 Turing Award lecture (pdf). A fuller quotation of the surrounding context gives a rounder view: I am sorry to say that many people nowadays are condemning program efficiency, telling us that it is in bad taste. […]

4 months ago 25 votes
Digital signatures and how to avoid them

Wikipedia’s definition of a digital signature is: A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient. —Wikipedia They also have a handy diagram of the process […]

6 months ago 16 votes
Machine Learning and the triumph of GOFAI

I’ve been slowly reading Brian Cantwell Smith’s “The Promise of Artificial Intelligence” recently. I haven’t finished reading it yet, and like much of BCS’s writing, it’ll probably take me 3 or 4 read-throughs to really understand it, but there’s one point that I want to pick up on. It is the idea that “Good Old-Fashioned […]

9 months ago 18 votes
Galois/Counter Mode and random nonces

It turns out you can encrypt more than 2^32 messages with AES-GCM with a random nonce under certain conditions. It’s still not a good idea, but you can just about do it. #cryptography

10 months ago 16 votes
SipHash-based encryption for constrained devices

I see a lot of attempts to define encryption schemes for constrained devices with short authentication tags (e.g., 64 bits) using universal hashing. For example, there’s a proposal in CFRG at the moment for a version of AES-GCM with short tags for this kind of use-case. In my (admittedly limited) experience, these kinds of constrained […]

11 months ago 12 votes

More in technology

Skylight and the AT Protocol

Since my last piece about Bluesky, I’ve been using the service a lot more. Just about everyone I followed on other services is there now, and it’s way more fun than late-stage Twitter ever was. Halifax is particularly into Bluesky, which reminds me of our local scene during the late-2000s/early-2010s Twitter era.

That said, I still have reservations about the service. Primarily around the whole decentralized/federated piece. The Bluesky team continues to work toward the goal of creating a decentralized and open protocol, but they’ve got quite a way to go.

Part of my fascination with Bluesky is due to its radical openness. There is no similar service that allows users unauthenticated access to the firehose, or that publishes in-depth stats around user behaviour and retention. I like watching numbers go up, so I enjoy following those stats and collecting some of my own.

A few days ago I noticed that the rate of user growth was accelerating. Growth had dropped off steadily since late January. As of this writing, there are currently around 5 users a second signing up for the service. It was happening around the same time as tariff news was dropping, but that didn’t seem like a major driver. Turned out that the bigger cause was a new TikTok-like video sharing app called Skylight Social.

I was a bit behind on tech news, so I missed when TechCrunch covered the app. It’s gathered more steam since then, and today is one of the highest days for new Bluesky signups since the US election. As per the TechCrunch story, Skylight has been given some initial funding by Mark Cuban. It’s also selling itself as “decentralized” and “unbannable”. I’m happy for their success, especially given how unclear the TikTok situation is, but I continue to feel like everyone’s getting credit for work they haven’t done yet.

Skylight Social goes out of its way to say that it’s powered by the AT Protocol. They’re not lying, but I think it’s truer at the moment to say that the app is powered by Bluesky. In fact, the first thing you see when launching the app is a prompt to sign up for a “BlueSky” account[1] if you don’t already have one. The Bluesky team are working on better ways to handle this, but it’s work that isn’t completed. At the moment, Skylight is not decentralized.

I decided to sign up and test the service out, but this wasn’t a smooth experience. I started by creating an App Password, and tried logging in using the “Continue with Bluesky” button. I used both my username and email address along with the app password, but both failed with a “wrong identifier or password” error. I saw a few other people having the same issue. It wasn’t until later that I tried using the “Sign in to your PDS” route, which ended up working fine. The only issue: I don’t run my own PDS! I just use a custom domain name on top of Bluesky’s first-party PDS. In fact, it looks like third-party PDSs might not even be supported at the moment.

Even if/when you can sign up with a third-party PDS, this is just a data storage and authentication platform. You’re still relying on Skylight and Bluesky’s services to shuttle the data around and show it to you.

I’m not trying to beat up on Skylight specifically. I want more apps to be built with open standards, and I think TikTok could use a replacement, especially given that something is about to happen tomorrow. I honestly wish them luck! I just think the “decentralized” and “unbannable” copy on their website should currently be taken with a shaker or two of salt.

[1] I don’t know why, but seeing “BlueSky” camel-cased drives me nuts. Most of the Skylight Social marketing material doesn’t make this mistake, but I find it irritating to see during the first launch experience.

23 hours ago 3 votes
Remember when the Switch 2 was *only* going to cost $449?

Nintendo Life: Nintendo Delays Switch 2 Pre-Orders in the US Amidst New Trump Tariffs Nintendo has delayed pre-orders for the Switch 2 in the US while it evaluates the potential impact of new tariffs from The Trump Administration. And A $2,300 Apple iPhone? Trump tariffs could make that happen.

22 hours ago 2 votes
Reading List 04/5/2025

China’s sulfur emissions, Japan’s new semiconductor effort, declining sunbelt housing construction, water competition in Texas, and more.

5 hours ago 2 votes
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.

yesterday 2 votes
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from

yesterday 2 votes