Paged Out #6 [pdf]

Gratz Gyn!

The world needs more 'zines.

Love this zine! Great work. Glad I saw it.

https://pagedout.institute/download/PagedOut_006.pdf#page=3 to skip to the ToC.

Nice, really liked the AI stuff.

Love the look of this - has vibes of Crash magazine from the 1980s

I had to stop when I got to usb foot switches as I had already spent enough time looking through this! Great lil zine. I’ll check it out and priors later.

Is it possible to order this as a print magazine delivery? Or is it only for download and print at home? I would love to receive a magazine like this in the mail!

Hey, PO!'s lead here. It's not available yet, but we're working on making it available via some digital print services like lulu.com. There's no definitive timeline for this, but we're pushing to make it happen before the next issue (which is planned around June/July).

Thanks! Kudos to the rest of the team and the authors :)

The "How to use a Python variable in an external Javascript (Django)" examples are likely vulnerable to an XSS attack, when the variable contains user supplied content.

It's important to output-encode for the correct context. By default, Django encodes template variables for an HTML context, which can allow XSS when output inside a script tag or as a JavaScript file.

Thanks for making this! I got an invite to contribute some time ago but didn't have the time to put something together - it looks amazing though; I'll have to figure out something good next time.

I really really like this. Especially “Spotting Quacks with Puzzles”. Very unique approach to tackling media literacy, couldn’t be better timed with the new 4o image generation update.

Author of Differentiable Architecture Search page here! I hope the overview of the technique is helpful and you had a good time reading. If you have any comments or feedback I will very much appreciate

Gyn, Aga and reviewers like Xusheng and others do really a great job! They are responsive, helpful and pleasant to work with. If you think about writing a piece, it’s definitely worth your time

Not who you are replying to but thanks for mentioning lulu.com - I have a camera manual pdf that I have been meaning to get printed as a spiral bound book and their rates look quite reasonable.

Oh hey I wrote that one! Thanks for the kind words. I'm hoping it can get the creative problem solver audience of PO!/HN thinking about the challenge of media literacy education

Thanks! I'll pass this to the author.

Out of curiosity I've started looking in Django docs (I'm more of a flask person myself), and they seems to confirm what you're saying. More to the point, the `strings` are the main issue. The default autoescape actually encodes ' and " as HTML entities, but doesn't encode a backslash, so leaving a \ at end of a ' or " string would escape the string ending - this would be exploitable if the attacker controls two strings of the same "type' in a row.

I guess this is the proper way to do it: https://docs.djangoproject.com/en/5.1/ref/templates/builtins...

Agreed! I've used them for printing a few larger PDFs as well, and the only part which I cringe at usually is the shipping cost (which it's bad, it's just that the print is so cheap there shipping looks pretty significant next to it).

Random story/context: I've actually learnt about lulu from Intel - a decade ago or something, when they stopped shipping Intel Manuals for free to anyone who asked, they redirected people to lulu to get a printed-on-demand copy.

I really like this. Reminds me of ezines and webzines. However, I'm tempted to ask - how to comfortably read this on a computer if you don't have a reasonably good vision? Either you have to scroll up and down to follow the content, or you see whole page at once, but need to squint to read contents.

Agreed! If we went full latex, it could be make a two way like arxiv recently did with html5 rendering of latex

(PO! lead here) You are right, that's one of the unfortunate limitations of the format – having to constantly scroll the PDF. And this is on me, since ultimately I've made some decisions when establishing it which basically boxed us into this format.

I.e. thanks to using a PDF we can give authors full flexibility on how to lay out their article, which allows folks to be really really creative (as you can see in this issue). The obvious problem with that (apart from countless hours foxtrot_charlie - our DTP/PDF programmer - has to spent on fighting with PDF weirdness) is that reading an A4 PDF isn't great for phones, computers screens, or tables. It's even worse if you're using a screen reader, since getting PDFs in the way we get them and making them screen reader compatible is... complicated, to say the least (that's why it's not yet there). On the flip side, everyone has a PDF reader nowadays, articles look everywhere the same (this wouldn't be true for other formats), and it's also printable almost out of the box.

So, pros and cons. At the end of the day I don't think there's an easy out for us without breaking any of the things which make Paged Out! what folks like about it. The things I want to improve is getting printed versions more accessible, and some day finally getting solid screen reader support. But other than that I do believe the scrolling problem with remain with the zine.

ETA: Actually I also want "readings" of articles to become a thing. From the get go we put the in the author's license (note: not all articles use it, but most do) the ability for folks to agree to have their articles be recorded in an audio form. I think that would be cool for folks who like consuming things like audiobooks or podcasts. And it would save us from scrolling (for the cost of having illustrations described instead of seeing them).

Printable subscription would be nice. It often times just helps financing the venture, as well as for sponsors to have something on hand.

I'd still keep in mind that this format severily limits reach in times where short (kudos for one page thing!) and accessible form is an expectation.

Nevertheless - I will keep reading and spreading the word.

Tangenatially. How would audio reading work for posts with code samples and diagrams in it? Do you have an example of that?

Let's go... thanks for including my article, asn-check.

Just a couple pages later there's a rust in python article, gotta try this to speed up the program further.

Thanks @GICodeWarrior for taking time commenting on the article. Shamefully, I can already imagine a scenario on how the attack could be carried out. Fortunately, the vulnerability can be corrected by introducing escapejs template filter. Big thanks to @gynvael.

That's true, my experience was the same!

You hit the nail on the had with your question – this is the most problematic part of it.

Most illustrations are a bit simpler to handle than code and the way is pretty much paved by HTML img alt texts (the well written ones, that actually can substitute for the illustration by conveying the same information). Ideally we should receive the ALT texts from article authors, but effectively (for now) it would be up to the person reading to come up with a solid substitution text.

Code is a different can of worms. My favorite idea so far is to basically explain what the code does as close as possible, without actually reading it, and then having a separate audio track with the code being read (likely just by a text-to-speech algorithm, though possibly augmented a bit to include things like "next line" or "this line has a 2-level indent" for Python code).

I don't have an example yet, but let me get back to you on that next week, since I was thinking of doing recordings for my two articles in this issue.

Sadly that's not doable for us. LaTeX, for all its benefits, has terrible user experience and would drive away a lot of authors. One of the benefits of using PDFs is that anyone can use almost any tool they feel comfortable with to make the article (except for Photoshop - we banned Photoshop PDFs because they are ridiculously constructed). For example, I use Google Slides for my articles (which seems like a weird choice, but it's so easy to do complex one-of formatting in it).

That is a reasonable tradeoff for sure. I’m still thinking what could we do to improve readibility on mobile devices though

Yeah. I don't think it's a solvable problem, but ideas are always welcome :)

I like the journal format, especially the illustrations - they are human made, not AI made - builds really good atmosphere. However, I don't particularly support the idea of using illustrations made by Russian artists who currently live in Russia (and pay taxes, with all the consequences) when there is such a variety artists to choose from.

Can we please not discriminate against people because of what their governments are doing?

Thoughtful intelligent people deserve to be included regardless of what regime they live under.

in my opinion there is a pragmatic aspect to it,

to put it simply, the taxes paid go to finance "whatever their government are doing".

also, do you think, like - all russians are against the war and don't have imperialistic mindset. it's just their government to blame? I'd say there is a decent part that got affected by propaganda both imprinted into education and news.

I don't know about the artists contributed to the journal (do you?), but in my opinion it is just a safer bet to find an artist unrelated to Russia.

apart from that, promoting russian culture (i.e works by russian artists) while it is actively destroying culture of other countries - means contributing to the process.

you let your mind be corrupted by media and government. dont hate hundred millions of people because of the actions of a handful. dont be silly.

It would be good to figure out how many people actually care about printability. Perhaps what you could do is:

1. HTML is the primary format for articles. Authors can do whatever tricks they like in CSS, but are encouraged to make their layouts reasonably responsive. JS should be limited to things that actually benefit the article (such as LaTeX rendering or simple live examples).

2. The article must fit on one page when printed to PDF using a mainstream Web browser.

3. The author should provide a PDF file. It could just be the output of printing the HTML to PDF from a browser, or it could be something fancier, as long as it fits on a page and has the same text as the HTML version.

Looking at the most recent issue, most articles could be faithfully reproduced with a typical modern Markdown implementation (one that supports tables and code highlighting, and maybe LaTeX math) and some simple CSS.

> It would be good to figure out how many people actually care about printability.

The final goal is to do mass prints of Paged Out! to give out at events. We've already done that once, and we're chatting with sponsors and events about doing more of this. And actually "how can I get a printed issue" is THE most common question we get from readers. So there's interest in a printed version from both sides (readers + our team).

With regards to the HTML idea – it was something I considered as well (and an idea I come back to from time to time). The issues that made me decide against it are:

- Not everyone knows HTML/CSS on a level that would allow them to express what they want. This would downgrade the "creativeness" of layouts. While some typical text processors or WYSIWYG editors can output decent HTML, that's not true across the board.

- Asking authors to do more work (especially to fight with making sure HTML behaves correctly when printing to PDF), would have a negative effect – I a significant chunk of authors would pull out.

- It does solve readability issues for typical text layouts. It doesn't solve them for more creative layouts, especially on mobile phones.

- For better or worse almost every newsletter, blog, news website, etc on the internet uses HTML format. I think I prefer PO! to stay in the magazine category.

Anyway, I'm going to be revisiting this idea from time to time, especially if PO! happens to get more funding for whatever reason.

I mentioned some points above, that aren't encouraging hatred. They mention what makes me personally feel uncomfortable reading the journal.

As I said, I don't make any claims about the artists in the topic. They may be good and intelligent people. I'm sorry if I expressed this point not clear enough.

For articles with more complicated layout needs, the HTML version could be simplified, uglier, designed with wider accessibility in mind. But the PDF version would be the one where the pretty, print-friendly layout could shine.

All JSON serializers worth their salt can serialize a single string to JSON, so the simplest way is to do json.dumps(the_string) and mark the string as safe so that it doesn't get escaped twice.

Thanks for sharing! I’m proud to have written “Deriving Music Theory with Python”, featured on page 51.

First of all let me say that I think this is a really great zine. I'm not really a zine guy, but I'm really excited about this. But, gently, let me say this format kind of sucks for reading. I generally HATE reading on paper, but this had me saying "I'd buy this on paper". My biggest gripe is I read partway through last night, and then wanted to go back to it today and my browser "suspended" that tab so I'm back at the front page. Probably like if I laid down a print pub. ;-) I guess the right answer there is to download and open it in a pdf reader.

All that said, I'd encourage you to NOT switch to HTML and leave it as PDF. There's something about it.

Setting some gentle publication conventions could help a lot with this. For example, requiring two-column or three-column format greatly improves article readability on mobile.

The small taxes any Russian would pay for this pales in comparison to the income Russia is generating from selling oil to Europe. Should we also boycott all of Europe too?

Simple JSON encoding alone is not sufficient if you put the output into a <script> tag.

<script>const user_input = "</script><script>alert(1)//"; ...

Encoding for each scenario can be quite complex unfortunately. Django does have some template filters to help.

I recommend following the documentation carefully, and using a JSON API or other similarly standard mechanism if the documented options are insufficient.

If you're interested to explore lots of XSS edge cases, I've found this CTF to be enjoyable.

https://alf.nu/alert1

Re PDF/HTML...

I suppose it's not the literal file format, although I do see value in a format that is closer to "everyone gets the same experience" (c.f. recent blogpost about grammarly extension borking CSS)

I miss when you got one edition of your favourite mag, once a month, and could read it beginning to end, or on any order you fancy, but you got _an amount_ of content and could complete it.

Web properties of any scale now do not really have a "size" that you can experience. You can't "complete" them.

And this breaks up a communal experience. I'm on HN, and so are you: but we're not on the same HN. Whereas if I see you picking up Total Guitar, I could ask you if you got anywhere with the Satch tab in October's edition.

Is that what you were driving at?

yes! or a 2/3 ish of the printable area column plus a 1/3 ish margin notes column.

a single column on a4 simply is too wide anyhow...

https://en.wikipedia.org/wiki/Column_(typography)#:~:text=Fo...

Great magazine, but not without limitations. The one page limit effectively means each article is at most a minimal anchor for a topic (and sometimes an ad for the author), so not a lot gets conveyed. PoC || GTFO and Phrack are better for content in my mind. Also, the typesetting variability is a definite con for me, causes fatigue. Each page is visually a world unto its own, which is straining. I understand LaTeX excludes certain authors since it is less user friendly, but is there not a way to have the best of both worlds? Have you considered a locally hosted Overleaf?

A vertical monitor

I've thought about this problem a lot, and come down to the conclusion that that means that this is basically art, as opposed to pure information/an educational resource.

Art is almost always inaccessible to someone because that's part of what constitutes "art". Music is inaccessible to the deaf. Paintings are inaccessible to the blind. Food is inaccessible to those unable to smell.

If the purpose of the thing that you're creating is art, then it is necessarily inaccessible along the dimensions of your artistic freedom. (obviously, intentionally making it inaccessible along other dimensions, such as requiring a verbal test in order to view a painting, is silly, but we're not considering that) That's just what art is. That doesn't mean that you can't strive to make it a bit more accessible (e.g. with readings of content that a screen reader would have a hard time parsing), but merely that you have to acknowledge that (1) there's some parts of your art that certain people will never be able to experience (which is not your fault) and (2) that some things will be economically (in the spiritual sense, e.g. including volunteer time) infeasible to make accessible.

Conversely, if what you're making is meant to be a purely functional resource, then you should probably strive to make it accessible - but the only reason you can do this in the first place is because you've made a value decision to sacrifice aesthetics/art in the name of function.

That's a very long way of saying that I think you're taking a very reasonable position on this.

The format of Paged Out! – the 1 page limit, the custom layout, are done on purpose. They have their downsides of course – exactly as you have pointed out. It has to be recognized, that so do the no-page limit / strict layout publications (and I am writing this as someone who has been cooperating with several technical magazines as both a reviewer/editor and an author over the last 15 years).

In a typical magazine authors feel the pressure to write long articles about everything, and they don't feel comfortable posting short notes on cute tricks. So Paged Out! is basically meant to fall into this 1-page niche where short notes on cute tricks can find a happy home.

Is this 1-page format limiting? Yes, it is. Can you write everything in this format? No, you can't. And that's OK.

We're not trying to be PoC || GTFO or Phrack (both of which are wonderful btw and I'm a huge fan of both; there's a lot of love flowing in the zine community btw - see e.g. DNS TXT records for pagedout.phrack.org and phrack.pagedout.institute). We just found our own niche of short articles to occupy.

As for the layout chaos – I understand what you mean. At the same time, this is another niche which I put PO! in on purpose. I sometimes joke that PO! is a therapy for me after having to squeeze my idea into the exact layout a publisher wants, or after reviewing too many waaay too long articles for another magazine.

This is to say: I recognize your points and I believe you are right. At the same time I'm pretty happy with this little flawed niche I found and put PO! in.

Two more links about these two points: https://pagedout.institute/?page=faq.php#why-one-page & https://pagedout.institute/?page=faq.php#layout

Thanks for raising this question, and I agree it is important. Maybe encouraging independence from the russian oil would be a more efficient way to go. Of course, it can't happen immediately, but if some countries consciously don't want to work in this direction - such situation may constitute a safety threat to Europe - and this shouldn't be left without attention.