Logs were our lifeblood. Now they're our liability

This is an interesting post, and is an important one to think about. We need to remember that although now we've got lax data privacy / retention laws, it's only going to get more user-focused and protect everyone more (which is universally a good thing!) but that we need to make sure we're architecting things in the right way to handle this.

Also, while you're thinking about this - have a read through some production logs and wonder "what could a bad actor do with these? Could they phish a customer? Could they steal their identity? Or are these so useless that we may as well not be logging anything at all?"

Recommended read: Logs were our lifeblood. Now they're our liability



Completely agree with this, as a meetup organiser, and would go one step further to say if you're able to RSVP if you're not coming that'd help too, otherwise there's the assumption you'll turn up, especially if you're a regular!

Recommended read: RSVP Rant


I will not be attending Cyber Nottingham - October Meetup on

It's a shame as this sounds good, but it clashes with and as it's Hacktoberfest it's going to be pretty busy, methinks!


Against TDD

This is an interesting read - I'm a big fan of TDD but a few things here hold true

Recommended read: Against TDD


Reply to

Regarding our conversation yesterday for OAuth and API aggregation, I mentioned that while working on PSD2/Open Banking we've been doing similar, for instance with a third party who would register on behalf of a fourth party.

I've tracked down as the definition for the way this works with the use of new fields in the Signed Software Assertions (for use with

It may be worth reaching out to OpenID/Open Banking to see if they've got this officially specified about this, or whether this is the latest source of truth you can use

Hope this helps with your hope to standardise this into an OAuth spec!


Nothing like a fire alarm when you're fast asleep to get the blood moving..


Let’s write more blog posts: an experiment

#10MoreBlogPosts sounds like a great initiative - hope that it'll help get more folks into blogging.

I've found it's really helped me personally since starting to work on blogumentation (blogging as a form of self-documentation )

Recommended read: Let’s write more blog posts: an experiment


It's been an awesome day at IndieWebCamp Amsterdam!

The afternoon was chatting about licenses and ownership, then looking at how to migrate folks from silos to IndieWeb with a long term strategy, then some discussions about events, RSVPs and calendars, and finally all things syndication.

Got some great discussions, and lots of interesting things to play with tomorrow at the hack day!


Interesting start to the morning at IndieWebCamp Amsterdam - we've spoken about accessibility of the Web and IndieWeb, and about how private posts and privacy should work


I'm really enjoying the intros at IndieWebCamp Amsterdam. Its nice to see the range of websites, the technology usages, and that some folks are posting while they're talking while others haven't touched their sites in years.

It's an exciting chance to get reinvigorated!


En route to my first IndieWebCamp (Amsterdam) after a great couple of days at DevOpsDays London.

I'm really looking forward to meeting some folks and talking about owning more of my little corner of the Web, and meeting the faces behind the websites I frequent!


Yesterday I met someone who, after my talk Overengineering Your Personal Website at last year's DevOpsDays London, started building their own website. That's awesome! 🙌🏼