The advent of web fonts popularised the use of icon fonts, i.e. fonts that consist solely of symbols and images rather than letters. Icon fonts such as Pictos, Font Awesome and Lucide have become well-known alternatives to image sprites, offering greater convenience and versatility. However, despite the abundant choice, pre-made sets don’t always meet the requirements of a specific website.

This article demonstrates how to create a custom icon font using FontForge. It describes the steps of importing an SVG image into a glyph in a web font. A tailor-made font lets you select icons that perfectly match your website’s needs.

CMYK is a subtractive colour model commonly used in printing. Letters in the acronym stand for the four colours used in the model: Cyan, Magenta, Yellow and… uhm… blacK? The myth goes that using ‘B’ for black would be confusing (on account of blue and brown existing), so powers that be decided to use the last letter of the word ‘black’ in the acronym. This is not quite true.

In fact, K in CMYK stands for Key or Key Plate.

A decade ago, I had the pleasure of organise DressCode — an online competition designed spark teenage students’ interest in computer science. Its participants completed a series of programming challenges one of which was to implement a few sorting algorithms. To make it more engaging, I’ve created a JavaScript harness which visualised the algorithm by animating a clowder of longcats. Feedback was positive, I was told, with students appreciating the visual element.

I’ve finally dusted off and updated the code hoping it will be useful to, for example, computer science teachers. After all, learning sorting algorithms through an interactive animation is more engaging than working with static lists of numbers. Following video shows that animation which can also be seen live.

I’ve previously written about escaping special characters in HTML using character entities. This article discusses another method of achieving a similar result: CDATA sections. It explains what CDATA is, how it’s used in XML, SVG, MathML etc., when it can be included in HTML5 file and how it impacts XHTML.

What is CDATA?

A CDATA section in an XML document instructs the parser to interpret the enclosed text literally, as pure character data, not as markup. It starts with the <![CDATA[ sequence and ends with the ]]> sequence. Within a CDATA section, characters which normally have special meaning — namely less-than sign and ampersand — are processed verbatim without the need to escape them. It provides a convenient way to embed¹ styles and scripts without having to worry about special characters as seen in Fig. 1:

Dear Reader, I have a question: should external (or outbound) links be styled differently from internal ones? For example, in a sentence like: ‘the recent events made me reconsider my earlier position on the matter,’ should the first link (to an external website) have a different style than the second (to another page on the same website)? I’d love to hear your thoughts in comments below. I’m particularly interested in existing UX research on the subject.

At the time of writing, this website uses an icon after the link to indicate it sends the user to a third-party website. This is inspired by Wikipedia which uses the same design. It adds information but also visual clutter and cognitive load. It doesn’t appear to be a common feature on the Internet. Hence my inquiry.

Rather than leaving you, Dear Reader, with only a question, I’ll now present how to achieve this styling using three different CSS methods. The effect needs two elements: selecting external links and changing their appearance.

Perusing glossy magazines,¹ I was made aware of CVE-2024-2912 which describes how a POST request could lead to remote code execution (RCE) in BentoML servers. A feature most users would rather live without. Bugs happen and I don’t want to criticise the developers unjustly, but knowing the root of the issue was Python’s pickle module, I can only wonder: How the fuck is this still happening?

pickle is insecure by design

import pickle
pickle.loads(b'cos\nsystem\n'
             b'(S"echo evil"\ntR.')

pickle serialisation uses a stack-based virtual machine with a ‘reduce’ operation which allows calling arbitrary Python functions (as shown in figure on the right). It’s no surprise it keeps popping up in security vulnerabilities. It’s been known for decades using picule invites trouble.² The documentation highlights the dangers quite clearly, but that’s apparently not enough.

Call to action

I call upon you to stop this madness. There are easy steps you can take to make everyone safer:

• If you see a junior developer type import pickle, mentor them and explain the module must never be used due to security holes.
• If you see +import pickle line during a code review, reject the patch.
• If you write Python code yourself, use an alternative serialisation method. Some options are listed below.
• And finally, if you’re Python project member, deprecate pickle. Many Python features have been deprecated already, so backwards compatibility by itself is not a valid excuse. C managed to get rid of gets, I believe it’s possible to heal Python as well.³

In ‘Your Screen is Secretly 30 Years Old’ video on The Science Asylum channel, Nick Lucid argues that 7-bit colour depth is sufficient for screens, claiming that 2 million colours (vs 16 million at 8-bit colour depth) ‘would be more than enough for most people’:

Can screens make fewer [than 16 million] colours without us noticing? The answer is absolutely yes. 16 million is an overkill. 2 million would be more than enough for most people. It’s just that controlling a screen with 16 million colours costs the same as the screen with 2 million because they use the same number of bytes.

This article interrogates that statement. To provide a visual baseline, Fig. 1 compares two grey gradients: one uses 8 bits per component (bpc) while the other uses 7 bpc. Fewer colour discrete levels lead the 7 bpc gradient to exhibit clearly visible banding (where rather than smooth transition between colours, places where colours change can be identified) immediately undermining the premise that 7-bit colour depth is perceptually indistinguishable from higher bit-depths.

If you’re a digital archivist, photography enthusiast or data hoarder, you’ve likely faced the ‘No space left on device’ error. Before you start deleting your files, there’s a way to reclaim space without losing a single pixel: JPEG XL. Unlike typical lossy transcoding which degrades quality, JPEG XL allows for bit-for-bit reconstruction of the original files.

JPEG XL is the newest image file format developed by the Joint Photographic Experts Group with, among other features, better compression. Normally converting between formats with lossy compression is inadvisable as it exacerbates quality loss; however, JPEG XL offers lossless JPEG transcoding.

Unlike normal conversion (e.g. from JPEG to AVIF), JPEG transcoding doesn't re-encode the image data. It merely repackages the existing information so that the original JPEG file can be recreated bit-for-bit. And all that with 22% better compression.

Even though using Linux has never been easier, newcomers often hit a confusing roadblock: the overwhelming choice of a distribution. Someone coming from Windows or MacOS will find the very concept of a ‘distribution’ to be alien, and the endless listicles and user arguments about which one is ‘best’ only make the confusion worse.

This article aims to clear up that confusion by providing a better way to think about Linux choices, so you won’t be overwhelmed by all the different options if you’re thinking of switching.

I’m delighted to share my paper I’ve presented at the IEEE/IFIP International Conference on Dependable Systems: ‘Be My Guest: Welcoming Interoperability into IBC-Incompatible Block­chains’.

It introduces the concept of a guest block­chain which runs on top of a block­chain and provides features necessary to support the Inter-Blockchain Communication (IBC) protocol. This enables trustless cross-chain interoperability between blockchains which would otherwise not support IBC-based communication. We demonstrate our approach by deploying the guest blockchain on Solana connecting it to the Cosmos ecosystem with performance comparable to native IBC implementations.