From a4812c72c967d2998adecc8ff4f09747685724e5 Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Sun, 11 Sep 2022 20:50:12 -0700
Subject: [PATCH] Add ssh-auditor and other details to "Uses" page

---
 content/about/ssh-policy.txt | 30 ++++++++++++++++++++++++++++++
 content/about/uses.gmi       |  6 ++++++
 content/about/uses.md        | 19 ++++++++++++++-----
 static/ssh-policy.txt        |  1 +
 4 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 content/about/ssh-policy.txt
 create mode 120000 static/ssh-policy.txt

diff --git a/content/about/ssh-policy.txt b/content/about/ssh-policy.txt
new file mode 100644
index 0000000..65c312e
--- /dev/null
+++ b/content/about/ssh-policy.txt
@@ -0,0 +1,30 @@
+#
+# Custom policy based on seirdy.one (created on 2022/09/11)
+#
+
+# The name of this policy (displayed in the output during scans).  Must be in quotes.
+name = "Custom Policy (based on seirdy.one on 2022/09/11)"
+
+# The version of this policy (displayed in the output during scans).  Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly.  Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_8.8"
+
+# The compression options that must match exactly (order matters).
+# I've never needed it.
+compressions = none
+
+# The host key types that must match exactly (order matters).
+# Why do other key types still exist lmao
+host keys = ssh-ed25519
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = sntrup761x25519-sha512@openssh.com
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com
+
+# The MACs that must match exactly (order matters).
+# MACs are redundant with the chacha20-poly1305 cipher; don't use any.
+macs = 
diff --git a/content/about/uses.gmi b/content/about/uses.gmi
index 979b813..52d7f86 100644
--- a/content/about/uses.gmi
+++ b/content/about/uses.gmi
@@ -1,5 +1,9 @@
 Here's the software I use. I've recently started to reduce my use of TUIs in favor of CLIs, for a variety of reasons. When possible, I try to use lightweight programs that can run on any machine, from a single-board computer to a giant desktop. I don't ever want to feel like I need to upgrade my hardware to do the same tasks as before: hardware upgrades should only be justified by my use-cases significantly changing, existing hardware being broken beyond repair, or upstream abandonment of security patches.
 
+## Hardware
+
+My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300U CPU (Haswell), with simultaneous multithreading disabled.
+
 ## Environment
 
 * OS: Fedora 36
@@ -42,6 +46,7 @@ Here's the software I use. I've recently started to reduce my use of TUIs in fav
 * rnp, a ping tool that supports TCP and QUIC "pings" to estimate handshake latency.
 * both curl and xh for HTTP testing.
 * kinvolk's wrk2 fork and bombardier for HTTP load-testing
+* ssh-auditor
 
 ## Other tools:
 
@@ -54,6 +59,7 @@ Here's the software I use. I've recently started to reduce my use of TUIs in fav
 * Efficient Compression Tool (better than Zopfli/ZopfliPNG)
 * scc
 * Pandoc
+* ghq, a VCS repository manager in the style of $GOPATH
 
 => https://github.com/psanford/wormhole-william wormhole-william
 => https://github.com/eafer/rdrview rdrview
diff --git a/content/about/uses.md b/content/about/uses.md
index f6adce6..1926265 100644
--- a/content/about/uses.md
+++ b/content/about/uses.md
@@ -11,7 +11,7 @@ Here's the software I use. I've recently started to reduce my use of <abbr title
 Hardware
 --------
 
-My main computer is a 2013 HP Elitebook 840 G1. It has an Intel i5-4300U CPU, with simultaneous multithreading disabled.
+My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300U CPU (Haswell), with simultaneous multithreading disabled.
 
 Environment
 -----------
@@ -46,7 +46,7 @@ mpd
 : My music player daemon, paired with [my mpd scripts](https://sr.ht/~seirdy/mpd-scripts/) and [mpd-mpris](https://github.com/natsukagami/mpd-mpris).
 
 mpv
-: My video player. I have three builds of mpv: one normal build, and two with decoder libraries that have profile-guided optimization for different types of video (anime, and live-action that includes heavy filmgrain). Often paired with [yt-dlp](https://github.com/yt-dlp/yt-dlp) and [mpv_sponsorblock](https://github.com/po5/mpv_sponsorblock).
+: My video player. I have three builds of mpv: one normal build, and two with decoder libraries that have profile-guided optimization for different types of video (anime, and live-action that includes heavy filmgrain). Often paired with [yt-dlp](#yt-dlp) and [mpv_sponsorblock](https://github.com/po5/mpv_sponsorblock).
 : Also my main image viewer, since FFmpeg recently got support for JPEG-XL and AVIF.
 
 [swayimg](https://github.com/artemsen/swayimg)
@@ -122,7 +122,10 @@ Every administrator needs some tools to test their servers.
 : cURL supports a wide variety of features, protocols, TLS libraries, etc. `xh` is more focused on HTTP. I like to use both; when I don't need the features of cURL, I use xh for its simple color output and HTTPie-like syntax. Plus, it's nice to be able to test a server with two different HTTP+TLS implementations.
 
 [wrk2 (fork)](https://github.com/kinvolk/wrk2) OR [bombardier](https://github.com/codesenberg/bombardier)
-: Two great HTTP load-testers. wrk2 is mostly abandoned, but this fork has since added some features. When I need to test something like HTTP/2, I reach for bombardier. I haven't yet evaluated different HTTP/3 load-testers; I might have to hive h2load+nghttp3 a look.
+: Two great HTTP load-testers. wrk2 is mostly abandoned, but this fork has since added some features. When I need to test something like HTTP/2, I reach for bombardier. I haven't yet evaluated different HTTP/3 load-testers; I might have to give h2load+nghttp3 a look.
+
+[ssh-audit](https://github.com/jtesta/ssh-audit)
+: I check my SSH config against [this SSH policy](../ssh-policy.txt). It's based on the GrapheneOS infrastructure's SSH configs.
 
 Other tools
 -----------
@@ -131,7 +134,7 @@ Everyday utilities I can't live without:
 
 
 jq
-: Interpreter for the jq domain-specific programming language. Indespensible for creating, manipulaitng, and filtering data.
+: Interpreter for the jq domain-specific programming language. Indispensable for creating, manipulating, and filtering data.
 
 fzf
 : A fuzzy-finder that blends the CLI and TUI. Used for my program launcher, tab-completion, shell history search, Neovim menus (with telescope.nvim), and command-line path-completion.
@@ -150,7 +153,7 @@ z.lua
 [rdrview](https://github.com/eafer/rdrview)
 : The Readability algorithm on the command-line. Pairs nicely with Pandoc and/or w3m to extract and manipulate article content.
 
-[Efficient Compression Tool](https://github.com/fhanau/Efficient-Compression-Tool) (`ect`)
+[Efficient Compression Tool](https://github.com/fhanau/Efficient-Compression-Tool)
 : The last word in optimizing gzip or PNG size. Runs circles around Zopfli, ZopfliPNG, oxipng, etc. I use it in combination with `brotli` to compress all static text and PNGs on this site.
 
 [scc](https://github.com/boyter/scc)
@@ -162,6 +165,12 @@ Pandoc
 bmake
 : Much simpler than GNU Make, and good for ensuring that Makefiles are portable.
 
+[ghq](https://github.com/x-motemen/ghq)
+: A tool to manage version-control clones (Git, Mercurial, et al) in the style of `$GOPATH`. I have hundreds of repositories cloned from several different remotes, and this takes care of organizing them in my filesystem.
+
+<a href="https://github.com/yt-dlp" id="yt-dlp">yt-dlp</a>
+: Download videos from hundreds of different sites, including YouTube. Integrates with external downloaders like aria2 and downloads DASH chunks in parallel to max out your connection speed. yt-dlp also integrates with Sponsorblock to add skippable chapters for the segments I'd otherwise have to manually skip (sponsored content, subscription-begging, an ending segment featuring other videos, and other useless bullshit). I've forgotten what it's like to watch a video ad.
+
 This website
 ------------
 
diff --git a/static/ssh-policy.txt b/static/ssh-policy.txt
new file mode 120000
index 0000000..6710228
--- /dev/null
+++ b/static/ssh-policy.txt
@@ -0,0 +1 @@
+../content/about/ssh-policy.txt
\ No newline at end of file