Made some tortillas today! I think I can still add a bit more water to the dough

Oof, a €5.99 server on Hetzner is now €17.99 Fortunately existing servers aren't affected and I don't need more servers than I already do

Started playing DK Bananza again without camera shakes and it feels much better to play Gonna try to complete it now

Went to find a chef knife and came home empty handed again :(

Got my Let's Encrypt ACME client fully working!

Started work on this and I'm now implementing DNS queries with UDP/TCP Quite fun

Ordered a raspberry soda at a nice little cafe but it’s disgustingly bitter Why would you use tonic water???

Can people share how fast this website loads on average and where you're accessing it from? In Tokyo, around 500ms initially and 170ms on subsequent requests ash-speed.hetzner.com

A better way to phrase what I want to build might be Coolify but for Cloudflare, specifically the CDN, static site hosting, analytics, and TLS part Essentially the entry point for all my websites hosted on Hetzner

I think I'm going to consolidate all my projects to a VPS and build something similar to Coolify I'm considering Hetzner since I don't hate the dashboard UI and it's been pretty reliable but I'm open to suggestions

I built my own storage engine on top of the file system and it was pretty fun working with stuff like flock, O_TMPFILE, linkat, renameat2

Actually why am I using a CDN at all? It's not like I have tons of users and Tokyo to US-East is 200ms, which is honestly fine. I can just add a second server in Singapore or Tokyo too if I need < 100ms

New blog post on my auth book! I started a new auth project again: pilcrowonpaper.com/blog/17

Also, the new auth book is replacing the copenhagen book (which is now archived) I wanted to consolidate everything under a single place and using my own domain felt like the best choice

Announcing my auth book! A completely free online resource on implementing auth with fully-featured examples Over 10,000 words right now and I still have plenty of things to write about auth.pilcrowonpaper.com

I thought about building provider-specific OAuth packages and the API isn't bad but it just doesn't feel necessary

I've been trying to find a VPS provider with fixed costs (including bandwidth) with organization management and Hetzner seems to be the only real option

My most downloaded NPM package is actually the encoding package which provides APIs for hex, base32, and base64 It's used by Astro but I'm hoping to deprecate it when Node 24 reaches EOL (2028 lol) since Node 25 added Uint8Array.toBase64 and Uint8Array.fromBase64

Do we really need a library for OAuth? Especially since providers can add their own request parameters (login_hint=SUB) and response fields ("refresh_token_expires_in": 3600) It's mostly just a JSON validator at this point

Why does my OAuth library have this many weekly downloads???

Added a content security policy to the auth examples

All the auth topics I've written about so far What's missing?

Wrote about 10,000 words for my auth book now Hoping to release the initial version within a week!

I’m skimming through the specification for device bound session credentials and I wonder why something simpler like request signing wouldn’t work

Decided to have pages for individual components of auth (passkeys, email verification codes, passwords, etc), and then have separate pages on how to combine them into a single auth system with specific implementation details in the book

Wrote about 3,000 words just on WebAuthn and still haven’t started writing about the passkey-specific stuff

WebAuthn is going to take up a good chunk of the auth book lol

When exactly would you use WebAuthn attestation statements anyway?

Pulled the trigger, had the education discount and it's going to arrive sometime around my birthday M5 MacBook Air, 32GB memory, 512GB storage, US keyboard

unfortunate reality of tech conferences in japan

Talk me out of replacing my M3 Pro MacBook Pro with an Air

New blog post on WebAuthn! Kinda boring but I didn't find a lot of articles about it on the web Understanding WebAuthn credential protection policy: pilcrowonpaper.com/blog/16

"Business" cards I made the other day! Got it printed at a place that uses a printing process similar to screen printing

Just had a wonderful dinner with @sapphi.red, @sosukesuzuki.bsky.social, and @jakebailey.dev!

TSKaigi today!

Protocol for verifying email addresses Sounds interesting but not sure how I feel about browsers sending a request with session cookies etc to the email provider’s website to authenticate github.com/WICG/email-v...

Realistically, the best way to reduce exposure to supply chain attacks and package vulnerabilities is to just have less dependencies. That goes for packages too, most of which should have zero dependencies

Finished writing + polishing all these pages Gonna starting working on webauthn and passkeys next

I was too lazy to add GitHub Actions that formats and tests PRs to my repos and I think that was the correct decision lol

Nah old me was correct to hash them lol Reverting the change...

What can NPM realistically do to reduce supply chain attacks? Maybe only allow packages with pinned dependencies? I don’t think GitHub can do much either other than making Actions a little less confusing

Here are my top 6 pizzas in Tokyo after eating at over 30 spots around the city! And yes, they're all on par with pizzas I've had Naples (maybe even better :D) pilcrowonpaper.com/blog/15

Oh fuck off with this AI shit

All 27 Neapolitan pizza places I've eaten at Blog post coming soon!

What's the most common UUID string?

So far 26 Neapolitan pizza places in Tokyo 5 NY pizza places in Tokyo 5 pizza places in Naples/Campania + a few more I don’t remember

Final pizza place on my list! One of the best I’ve had recently Going to start working on my ranking now

Updated my profile picture! New vs old

Decent pizza but great appetizers One more pizza place on my wishlist!

dumbest bug I've had recently lmao