However, if you previously had remote content disabled in Mail.app on iOS or MacOS, it seems that you have to do it again after upgrading. By default, Protect Mail Activity is enabled, which allows remote content to be download, albeit in the background. If you want to fully block remote content, you have to disable Protect Mail Activity, and enable Block All Remote Content. This works in both iOS and MacOS.
If you’re not familiar with a Proxy Auto-Configuration (PAC) file, it’s a JavaScript function that determines whether web requests should be forwarded to a proxy server or not.
There’s a minimal set of JavaScript functions defined that you can use to conditionally send your web traffic through a proxy. One of those functions, isInNet(), returns true if an address (an IPv4 address) is included in a given network range. Unfortunately there are no functions in this standard set that provide similar support for IPv6 addresses.
There are many IPv6 parsing libraries on GitHub, but all of them depend on at least a few npm packages. I’m normally not one to complain about npm dependencies, but this is once instance where the dependency model is not really tenable.
Here I’ve put together a copy/pastable inIPv6Range() function that provides limited functionality for determining whether a given IPv6 address is in a predetermined range.
functionexpandIPv6( ipv6 ) {
const parts = ipv6
.replace( '::', ':' )
.split( ':' )
.filter( p => !! p );
const zerofill = 8 - parts.length;
// Fill in :: with missing zerosreturn ipv6
.replace( '::', `:${ '0:'.repeat( zerofill ) }` )
.replace( /:$/, '' );
}
functionparseIPv6( ipv6 ) {
ipv6 = expandIPv6( ipv6 );
// Check is valid IPv6 address
ipv6 = ipv6.split( ':' );
if ( ipv6.length !== 8 ) {
returnfalse;
}
const parts = [];
ipv6.forEach( function( part ) {
let bin = parseInt( part, 16 ).toString( 2 );
while ( bin.length < 16 ) {
// left pad
bin = '0' + bin;
}
parts.push( bin );
});
const bin = parts.join( '' );
returnparseInt( bin, 2 );
}
functioninIPv6Range( ipv6, low = '::', high = 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff') {
ipv6 = parseIPv6( ipv6 );
low = parseIPv6( low );
high = parseIPv6( high );
if ( false === ipv6 || false === low || false === high ) {
returnfalse;
}
return ipv6 >= low && ipv6 <= high;
}
Code language:JavaScript(javascript)
If you clean this up or add CIDR support, let me know!
MacOS Mojave introduced Dark Mode, which allows MacOS users to enable a darker interface. According to Apple:
In Dark Mode, the system adopts a darker color palette for all windows, views, menus, and controls. The system also uses more vibrancy to make foreground content stand out against the darker backgrounds.
InĀ Safari Technology Preview 68, they’ve also added support for websites to add support for Dark Mode with a new media query:
@media (prefers-color-scheme: dark)
Code language:CSS(css)
I’ve added support to my theme, which now looks like this in the latest Safari Technology Preview if you’ve got Dark Mode enabled:
I’ve been running Pi-hole, the “black hole for Internet advertisements” for a while now. It started out as an excuse to get a Raspberry Pi, but I consider this a somewhat important security appliance now. One of the nice things about Pi-hole is, like Ghostery, it’s easy to see what’s being blocked. Unlike Ghostery, though, it works for the entire network. So things like the Xbox and smart TV are included. For example, I noticed that TCL TVs track what you’re watching even if you “Limit ad tracking”.
I think we should stop calling them ad blockers. This is a security device. Most of these arenāt āadsā. Itās the junk that comes along with the ads. pic.twitter.com/SVN7YvKUgk
I also run Unbound on the Raspberry Pi, which forwards to Cloudflare and OpenDNS over an encrypted connection. The Docker configuration I use for Unbound is on Github.
There are tons of caching options for WordPress. Some of the popular plugins are Batcache, WP Super Cache, and W3 Total Cache. There are also services like Cloudflare and Fastly. On VIP Go, we use Varnish instances distributed across the world and route traffic to the nearest server over our Anycast network.
I’ve used almost everything on my blog over the years, but this time I wanted to keep it simple. Since I already use Nginx for SSL termination and proxying to a Docker container, I decided it would be easiest to cache the HTML there.
301s (permanent redirects) are cached for 24 hours
Everything else is cached for 5 minutes
Pages are only cached if they’ve been accessed 3 times to avoid filling the cache unnecessarily. If you’re logged in or have a cookie that looks like it could be valid, you bypass the cache completely to avoid caching logged in data. One of my favorite parts is that I can serve stale content if there’s a server error. So if I break the Docker container, ideally people won’t notice š
Ultimately this is easier to maintain than any of the other things I’ve tried and just as effective.
