Discover more from hrbrmstr's Daily Drop
Fugitive Emissions; Plasmo; Tauri 1.0
It's likely obvious by now that I'm a big fan of NASA's Earth Observatory. I'm regularly in awe of the diverse views their satellites provide of our tiny (in the grand scheme of things) blue marble. Sometimes said awe devolves into lesser emotions when NASA's images paint bleak figures of what we humans continue to do to our home.
NASA has a carbon monitoring system with some hefty mission objectives:
Use the full range of NASA satellite observations, modeling/analysis capabilities, and commercial off-the-shelf technologies to establish the accuracy, quantitative uncertainties, and utility of products for supporting national and international policy, regulatory, and management activities.
Prototype the development of carbon Monitoring Reporting and Verification (MRV) systems which can provide transparent data products achieving levels of precision and accuracy required by current carbon trading protocols.
Harness unique capabilities of NASA centers and the NASA-funded investigator community, making use of competitive peer review wherever possible.
Rapidly initiate generation and distribution of products, both for evaluation and to inform near-term policy development and planning.
Engage with, and contribute to, related U.S. and international stakeholders and agencies.
Earlier this year, the CMS released data on their analyses of greenhouse gas emissions from 2016 to compare with the last full self-reported country data as required after the establishment of the U.N. Framework Convention on Climate Change (UNFCCC).
NASA took a deep-dive on emissions resulting from fossil fuel production, a.k.a. "fugitive emissions". The section banner map is full-resolution, so you can right-click, open in new tab to see a bigger image you can zoom around. In doing so, you'll see something I didn't expect (before reading the article):
Those dots that look like they're following paths are flow management stations along pipelines. I realize that the proponents of "more pipelines" won't care that they're contributing to atmospheric destruction in yet-another way (most don't believe in climate change, despite the fossil fuel companies themselves knowing the truth), but this new view may help bolster your own defenses if/when you have to fight to keep these pipes from your own area.
The emissions are even more stark of you look at Russia/Europe (and it will help folks further understand why it's been hard for EU countries to wean themselves off of Putin's evil fuel supplies).
You can grab the data here and I hope NASA takes some time to do another, more recent view.
Browser extensions are evil, dangerous beasties. They generally have full access to everything on a web page you're viewing, can make arbitrary network connections, and can inject anything into your browsing session (all things you generally "want" them to do). Careless developers, listless extension collection curators, and far-too-curious users are just some reasons an extension you're using may be malicious.
I try to use as few extensions as possible, opting (mostly) for ones that have an open source repository where I can inspect the code and build from source.
Creating your own browser extensions can be a painful experience, especially when the world's most popular browser maker keeps changing the rules to their own benefit. Yet, creating your own plugins is a far safer way to extend browser functionality (provided you keep track of your third-party library supply chain dependencies).
Plasmo [GH] aims to make building browser extensions as "simple" as making modern web pages. The scare-quotes are due to the fact that modern web pages are far from simple, with many web frameworks taking quite some time to master. But, if you are familiar at all with React and/or Tailwind you'll feel right at home.
The tools/service isn't just helping ease extension development. Getting extensions into app stores is a tedious affair, and the creators of Plasmo have made it a far less painful experience than managing the process on your own.
Readers are likely very familiar with the terrible invention called Electron, where an entire Chromium engine is shoved into a pseudo-native OS app container so lazy front-end developers can avoid rolling up their sleeves to learn how to develop proper native apps, forcing you to regularly buy a new machine and run up electricity bills due to the CPU and memory requirements involved in Slacking a
/giphy image to your work-mates.1
Tauri is, in their own words, "a toolkit that helps developers make applications for the major desktop platforms - using virtually any frontend framework in existence. The core is built with Rust, and the CLI leverages Node.js making Tauri a genuinely polyglot approach to creating and maintaining great apps."
So, yes, Tauri is another way for front-enders to make us use web apps in the browser, but at least it's more secure than Electron:
In today's world, every honest threat model assumes that the user's device has already been compromised. This puts app developers in a complicated situation because if the device is already at risk, how can the software be trusted?
Defense in depth is the approach we've taken. We want you to be able to take every precaution possible to minimize the surface area you present to attackers. Tauri lets you choose which API endpoints to ship, whether or not you want a localhost server built into your app, and it even randomizes functional handles at runtime. These and other techniques form a secure baseline that empowers you and your users.
Slowing down attackers by making static attacks crushingly difficult and isolating systems from one another is the name of the game. And if you are coming from the Electron ecosystem - rest assured - by default Tauri only ships binaries, not ASAR files
By choosing to build Tauri with security as a guiding force, we give you every opportunity to take a proactive security posture.
and relies on the native web engine for rendering (so there's no need to ship Chromium around).
The 1.0 release aims to make developing with Tauri a more consistent experience with beefed up2 documentation, and a solid foundation to make it possible to develop equally terrible iOS and Android apps.
Don't forget that the next Jan 6 hearing is today. ☮
As you can see, I have no strong opinions about Electron.
Tofu’d-up for vegans/vegetarians.