From 842e060532524fabea5a5109b8ed9413a7416a0c Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Wed, 19 Oct 2022 13:12:40 -0700 Subject: [PATCH] Semantics: fix authorship - Fix use of shortcodes in some pages so authorship is parsed correctly - Explicitly show author for each entry in a data feed, so parsers don't get confused by reply-authors. --- content/notes/browser-development-moratorium.md | 4 ++-- content/notes/more-aspects-to-contrast.md | 2 +- content/notes/openssl-replacements.md | 2 +- content/notes/re-spearphishing.md | 2 +- content/posts/floss-security.md | 2 +- layouts/_default/list.html | 7 +------ 6 files changed, 7 insertions(+), 12 deletions(-) diff --git a/content/notes/browser-development-moratorium.md b/content/notes/browser-development-moratorium.md index 7b98a36..f5c4ed9 100644 --- a/content/notes/browser-development-moratorium.md +++ b/content/notes/browser-development-moratorium.md @@ -2,11 +2,11 @@ title: "Browser development moratorium" date: 2022-06-18T13:38:34-07:00 --- - What if Firefox and Chromium placed a year-long moratorium on all new browser features unrelated to security, accessibility, and internationalization? Effort not spent on those initiatives could be re-directed towards bugfixes. Defining the word "major" might be hard but I think it's an interesting idea. I'm not too worried about including Safari since it could spend those months catching up. -Inspired by a similar article by {{}}{{}}: {{}}{{}} +Inspired by a similar article by {{}}{{}} + diff --git a/content/notes/more-aspects-to-contrast.md b/content/notes/more-aspects-to-contrast.md index c9db9a8..e1044c8 100644 --- a/content/notes/more-aspects-to-contrast.md +++ b/content/notes/more-aspects-to-contrast.md @@ -3,7 +3,7 @@ title: "More aspects to contrast" date: 2022-07-03T22:16:09-07:00 replyURI: "https://github.com/Myndex/SAPC-APCA/discussions/74" replyTitle: "Dark Mode Color Palettes and APCA" -replyType: "https://schema.org/DiscussionForumPosting" +replyType: "DiscussionForumPosting" replyAuthor: "Ayush Agarwal" replyAuthorURI: "https://microblog.ayushnix.com/" --- diff --git a/content/notes/openssl-replacements.md b/content/notes/openssl-replacements.md index f37c12b..1db1f9f 100644 --- a/content/notes/openssl-replacements.md +++ b/content/notes/openssl-replacements.md @@ -3,7 +3,7 @@ title: "OpenSSL replacements" date: 2022-07-06T09:31:42-07:00 replyURI: "https://social.treehouse.systems/@ariadne/108601160601729437" replyTitle: "I am going to…write an OpenSSL wrapper for BearSSL and just make OpenSSL die in Alpine entirely" -replyType: "https://schema.org/SocialMediaPosting" +replyType: "SocialMediaPosting" replyAuthor: "Ariadne Conill" replyAuthorURI: "https://ariadne.space" --- diff --git a/content/notes/re-spearphishing.md b/content/notes/re-spearphishing.md index 32fd1c0..66c44e2 100644 --- a/content/notes/re-spearphishing.md +++ b/content/notes/re-spearphishing.md @@ -9,7 +9,7 @@ replyAuthorURI: "https://xeiaso.net/" --- I think that using a dedicated air-gapped machine just for opening PDFs is a bit much if you don't rely on assistive technologies to read PDFs. A much less nuclear option: Qubes OS has an excellent [PDF converter](https://github.com/QubesOS/qubes-app-linux-pdf-converter) to convert PDFs to safe bitmaps, and back into PDFs. The results are completely inaccessible, so I wouldn't recommend sharing the final artifacts; however, this approach is fine for personal use. -The Qubes blog covers this in more detail: {{}}{{}}, by {{}}{{}} +The Qubes blog covers this in more detail: {{}}{{}}, by {{}} SaaS can actually be helpful when it comes to processing potentially-malicious files. In high school, we had to make heavy use of Google Drive. One approach that I used to use was to open a PDF with Google Docs and export the resulting Google Doc. diff --git a/content/posts/floss-security.md b/content/posts/floss-security.md index 1f75a7d..936fb8d 100644 --- a/content/posts/floss-security.md +++ b/content/posts/floss-security.md @@ -152,7 +152,7 @@ Unfortunately, some components are poorly understood due to being obfuscated usi Skochinsky's and Corna's analysis was sufficient to clarify (but not completely contradict) sensationalism claiming that ME can remotely lock any PC (it was a former opt-in feature), can spy on anything the user does (they clarified that access is limited to unblocked parts of the host memory and the integrated GPU, but doesn't include e.g. the framebuffer), etc. -While claims such as "ME is a black box that can do anything" are misleading, ME not without its share of vulnerabilities. My favorite look at its issues is a presentation by {{. +While claims such as "ME is a black box that can do anything" are misleading, ME not without its share of vulnerabilities. My favorite look at its issues is a presentation by {{. In short: ME being proprietary doesn't mean that we can't find out how (in)secure it is. Binary analysis when paired with runtime inspection can give us a good understanding of what trade-offs we make by using it. While ME has a history of serious vulnerabilities, they're nowhere near what [borderline conspiracy theories](https://web.archive.org/web/20210302072839/themerkle.com/what-is-the-intel-management-engine-backdoor/) claim.[^11] diff --git a/layouts/_default/list.html b/layouts/_default/list.html index 4cd7e2e..0cb4b6a 100644 --- a/layouts/_default/list.html +++ b/layouts/_default/list.html @@ -23,12 +23,7 @@ {{ .Title }} -

- Posted - {{- if gt (sub .Lastmod.Unix .Date.Unix) 3600 -}} - , updated {{ .Lastmod.Format "2006-01-02 15:04" }} - {{- end }} -

+ {{- partial "post-meta.html" .}} {{- if eq .Section "notes" }}
{{- if .Params.replyURI -}}