mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-09-19 20:02:10 +00:00

Use new "indieweb-person" shortcode

This should reduce a lot of repetition. Supports first/last names,
nicknames, generic names that don't conform to first/last norms, and
has basic support for affiliated organizations.

Also snuck in more info on website colors to the web best practices
article, inc. a link to Chris' Wiki.
This commit is contained in:
Rohan Kumar 2022-02-19 12:47:07 -08:00
parent 4feeb7ef0f
commit c03af0eacc
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
9 changed files with 53 additions and 25 deletions

View file

@ -7,15 +7,15 @@ URL = $(SCHEME)$(DOMAIN)$(PAGE_PATH)
# latest bleeding-edge chromium snapshot
CHROME_PATH = /home/rkumar/Executables/ghq/github.com/chromium-unofficial-latest-linux/chromium-latest-linux/latest/chrome-linux/chrome
CHROME_PROFILE = /tmp/chrome-lighthouse
CHROME_FLAGS += --headless --disable-extensions --no-sandbox --no-first-run --user-data-dir=$(CHROME_PROFILE)
CHROME_FLAGS += --headless --disable-extensions --no-default-browser-check --disable-client-side-phishing-detection --disable-component-update --disable-default-apps --disable-device-discovery-notifications --disable-domain-reliability --disable-background-timer-throttling --disable-breakpad --enable-blink-features=LayoutInstabilityAPI --no-first-run --disable-component-update --disable-background-networking --enable-features='EmbeddingRequiresOptIn,EnableDrDc,HttpsOnlyMode,PdfUnseasoned,StrictOriginIsolation,StrictExtensionIsolation,WebRtcHideLocalIpsWithMdns,ThrottleDisplayNoneAndVisibilityHiddenCrossOriginIframes,UseOzonePlatform' --user-data-dir=$(CHROME_PROFILE) --enable-quic --origin-to-force-quic-on=seirdy.one:443
CPU_SLOWDOWN=2.4
LIGHTHOUSE_ARGS += --budget-path budget.json --output html --output json --output-file lighthouse-results --throttling.cpuSlowdownMultiplier=$(CPU_SLOWDOWN) --plugins=lighthouse-plugin-resource-granular-summary --chrome-flags="$(CHROME_FLAGS)"
LIGHTHOUSE_ARGS += --budget-path budget.json --output html --output json --output-file lighthouse-results --throttling.cpuSlowdownMultiplier=$(CPU_SLOWDOWN) --chrome-flags="$(CHROME_FLAGS)"
hint-online:
hint --config .hintrc -f codeframe $(URL)
pnpx hint --config .hintrc -f codeframe $(URL)
lighthouse:
mkdir -p $(CHROME_PROFILE)
npx lighthouse@next $(URL) $(LIGHTHOUSE_ARGS)
CHROME_PATH=$(CHROME_PATH) lighthouse $(URL) $(LIGHTHOUSE_ARGS)
rm -rf $(CHROME_PROFILE)
redbot:
redbot_cli -a $(URL)
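Review bot: the longer CHROME_FLAGS line (the one ending in `--enable-quic --origin-to-force-quic-on=seirdy.one:443`) lists `--disable-component-update` twice, once after `--disable-client-side-phishing-detection` and again after `--no-first-run`; drop one copy. It also no longer carries `--no-sandbox`, which the shorter line has, so the Lighthouse run now keeps Chromium's sandbox; that is a welcome hardening, but neither it nor the switch to `pnpx hint` and `CHROME_PATH=$(CHROME_PATH) lighthouse` is mentioned in the commit message, which only describes the shortcode. Consider splitting the Makefile edits into their own commit or at least noting them in the message.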

View file

@ -135,7 +135,7 @@ Manual invocation of a program paired with a tracer like `strace` won't always e
Fuzzing doesn't necessarily depend on access to source code, as it is a black-box technique. Fuzzers like [American Fuzzy Loop (AFL)](https://lcamtuf.coredump.cx/afl/) normally use [special builds](#special-builds), but [other fuzzing setups](https://aflplus.plus/docs/binaryonly_fuzzing/) can work with just about any binaries. In fact, some types of fuzz tests (e.g. [fuzzing an API](https://github.com/KissPeter/APIFuzzer/) for a web service) hardly need any implementation details.
Fuzzing frequently catches bugs that are only apparent by running a program, not by reading source code. Even so, the biggest beneficiaries of fuzzing are open source projects. [cURL](https://github.com/curl/curl-fuzzer), [OpenSSL](https://github.com/openssl/openssl/tree/master/fuzz), web browsers, text rendering libraries (HarfBuzz, FreeType) and toolchains (GCC, Clang, the official Go toolchain, etc.) are some notable examples. <cite><span class="h-card vcard"><a class="p-name url fn n" href="https://daniel.haxx.se/"><span class="p-given-name given-name">Daniel</span> <span class="p-family-name family-name">Stenberg</span></a></span></cite> wrote about <a href="https://daniel.haxx.se/blog/2020/09/23/a-google-grant-for-libcurl-work/" rel="cite">fuzzing curl</a>:
Fuzzing frequently catches bugs that are only apparent by running a program, not by reading source code. Even so, the biggest beneficiaries of fuzzing are open source projects. [cURL](https://github.com/curl/curl-fuzzer), [OpenSSL](https://github.com/openssl/openssl/tree/master/fuzz), web browsers, text rendering libraries (HarfBuzz, FreeType) and toolchains (GCC, Clang, the official Go toolchain, etc.) are some notable examples. <cite>{{<indieweb-person first-name="Daniel" last-name="Stenberg" url="https://daniel.haxx.se/">}}</cite> wrote about <a href="https://daniel.haxx.se/blog/2020/09/23/a-google-grant-for-libcurl-work/" rel="cite">fuzzing curl</a>:
<blockquote cite="https://daniel.haxx.se/blog/2020/09/23/a-google-grant-for-libcurl-work/">
<p>
@ -149,7 +149,9 @@ If you want to get started with fuzzing, I recommend checking out [the quick-sta
A recent example of how fuzzing helps spot a vulnerability in an open-source project is [CVE-2022-0185](https://www.openwall.com/lists/oss-security/2022/01/18/7): a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
<cite class="h-cite"><a class="u-url p-name" href="https://www.willsroot.io/2022/01/cve-2022-0185.html" rel="cite">CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers</a> by <span class="h-card vcard"><a class="p-name url fn n" href="https://www.willsroot.io/"><span class="p-nickname">willsroot</span></a></span></cite>
<cite class="h-cite">
<a class="u-url p-name" href="https://www.willsroot.io/2022/01/cve-2022-0185.html" rel="cite">CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers</a> by {{<indieweb-person nickname="willsroot" url="https://willsroot.io">}}
</cite>
I _highly_ encourage giving it a read; it's the perfect example of fuzzing with sanitizers to find a vulnerability, reproducing the vulnerability (by writing a tiny C program), _then_ diving into the source code to find and fix the cause, and finally reporting the issue (with a patch!). When source isn't available, the vendor would assume responsibility for the "find and fix" steps.
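Review bot: the author URL changes from `https://www.willsroot.io/` to `https://willsroot.io` in the new shortcode call while the post link a few words earlier still uses `https://www.willsroot.io/...`; confirm the apex host serves the site (or redirects to `www`) and keep the two forms consistent so the h-card `u-url` and the cited article point at the same origin.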
@ -165,7 +167,7 @@ I readily concede to several points in favor of source availability from a secur
- Some developers/vendors don't distribute binaries that make use of modern toolchain-level exploit mitigations (e.g. <abbr title="Position-Independent Executables">PIE</abbr>, <abbr title="ReLocation Read-Only">RELRO</abbr>, stack canaries, automatic variable initialization, [<abbr title="Control-Flow Integrity">CFI</abbr>](https://clang.llvm.org/docs/ControlFlowIntegrity.html), etc.[^13]). In these cases, building software yourself with these mitigations (or delegating it to a distro that enforces them) requires source code availability (or at least some sort of intermediate representation).
- Closed-source software may or may not have builds available that include sanitizers and debug symbols.
- Although fuzzing release binaries is possible, fuzzing is much easier to do when source code is available. Vendors of proprietary software seldom release special fuzz-friendly builds, and filtering out false-positives can be quite tedious without understanding high-level design.
- It is certainly possible to notice a vulnerability in source code. Excluding low-hanging fruit typically caught by static code analysis and peer review, it's not the main way most vulnerabilities are found nowadays (thanks to <span class="h-card vcard"><a class="p-name url n" href="https://www.broken-by-design.fr/"><span class="p-nickname nickname">X_Cli</span></a></span> for [reminding me about what source analysis does accomplish](https://lemmy.ml/post/167321/comment/117774)).
- It is certainly possible to notice a vulnerability in source code. Excluding low-hanging fruit typically caught by static code analysis and peer review, it's not the main way most vulnerabilities are found nowadays (thanks to {{<indieweb-person nickname="X_CLI" url="https://www.broken-by-design.fr/">}} for [reminding me about what source analysis does accomplish](https://lemmy.ml/post/167321/comment/117774)).
- Software as a Service can be incredibly difficult to analyze, as we typically have little more than the ability to query a server. Servers don't send core dumps, server-side binaries, or trace logs for analysis. Furthermore, it's difficult to verify which software a server is running.[^14] For services that require trusting a server, access to the server-side software is important from both a security and a user-freedom perspective
Most of this post is written with the assumption that binaries are inspectable and traceable. Binary obfuscation and some forms of content protection/<abbr title="Digital Rights Management">DRM</abbr> violate this assumption and actually do make analysis more difficult.
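Review bot: the nickname changes from `X_Cli` in the old markup to `X_CLI` in the shortcode call. A `p-nickname` is the handle readers and microformat parsers use to identify the person, so this should match their own spelling; if the change is intentional, say so in the commit message.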
@ -190,7 +192,7 @@ Releasing source code is just one thing vendors can do to improve audits; other
[^3]: Or a JIT compiler, or a [bunch of clockwork](https://en.wikipedia.org/wiki/Analytical_Engine), or...
[^4]: For completeness, I should add that there is one source-based approach that can verify correctness: formal proofs. Functional programming languages that [support dependent types](https://en.wikipedia.org/wiki/Dependent_type) can be provably correct at the source level. Assuming their self-hosted toolchains have similar guarantees, developers using these languages might have to worry less about bugs they couldn't find in the source code. This can alleviate concerns that their language runtimes can make it hard to reason about low-level behavior. Thanks to <span class="h-card vcard"><a class="p-name url fn n" href="https://adrian.geek.nz/"><span class="p-given-name given-name">Adrian</span> <span class="p-family-name family-name">Cochrane</span></a></span> for pointing this out.
[^4]: For completeness, I should add that there is one source-based approach that can verify correctness: formal proofs. Functional programming languages that [support dependent types](https://en.wikipedia.org/wiki/Dependent_type) can be provably correct at the source level. Assuming their self-hosted toolchains have similar guarantees, developers using these languages might have to worry less about bugs they couldn't find in the source code. This can alleviate concerns that their language runtimes can make it hard to reason about low-level behavior. Thanks to {{<indieweb-person first-name="Adrian" last-name="Cochrane" url="https://adrian.geek.nz/">}} for pointing this out.
[^5]: For example: C, C++, Objective-C, Go, Fortran, and others can utilize sanitizers from Clang and/or GCC.

View file

@ -127,9 +127,9 @@ Perhaps the biggest benefit to abandoning the "move fast and break things" minds
Acknowledgements
----------------
<span class="h-card vcard"><a class="p-name url fn n" href="https://ossguy.com/"><span class="p-given-name given-name">Denver</span> <span class="p-family-name family-name">Gingerich</span></a></span> helped me brainstorm early in the writing process and provided useful information for the section on XMPP.
{{<indieweb-person first-name="Denver" last-name="Gingerich" url="https://ossguy.com/">}} helped me brainstorm early in the writing process and provided useful information for the section on XMPP.
Thanks to <span class="h-card vcard"><a class="p-name url fn n" href="https://bzsombor.web.elte.hu/"><span class="p-given-name given-name">Barna</span> <span class="p-family-name family-name">Zsombor</span></a></span> and carbolymer for giving good feedback over IRC.
Thanks to {{<indieweb-person first-name="Barna" last-name="Zsombor" url="https://bzsombor.web.elte.hu/">}} and carbolymer for giving good feedback over IRC.
[^1]: [This Hacker News comment](https://news.ycombinator.com/item?id=25961895) in particular planted quite a few seeds for this article.

View file

@ -193,9 +193,9 @@ Acknowledgements
Some of this content came from the [Search Engine Map](https://www.searchenginemap.com/) and [Search Engine Party](https://searchengine.party/). A few web directories also proved useful.
Matt from Gigablast also gave me some helpful information on GBY which I included in the "Rationale" section. He's written more about big tech in the [Gigablast blog](https://gigablast.com/blog.html).
{{<indieweb-person first-name="Matt" last-name="Wells" url="https://gigablast.com/bio.html" org="Gigablast" org-url="https://gigablast.com/">}} also gave me some helpful information on GBY which I included in the "Rationale" section. He's written more about big tech in the [Gigablast blog](https://gigablast.com/blog.html).
<span class="h-card vcard"><a class="p-name url fn n" href="https://emucafe.club/channel/naferrell"><span class="p-given-name given-name">Nicholas</span> A. <span class="p-family-name family-name">Ferrell</span></a></span> of [The New Leaf Journal](https://thenewleafjournal.com/) wrote a [great post](https://thenewleafjournal.com/a-2021-list-of-alternative-search-engines-and-search-resources/) on alternative search engines. He also gave me some [useful details](https://lists.sr.ht/~seirdy/seirdy.one-comments/%3C20210618031450.rb2twu4ypek6vvl3%40rkumarlappie.attlocal.net%3E) about Seznam, Naver, Baidu, and Goo.
{{<indieweb-person first-name="Nicholas" last-name="Ferrell" url="https://emucafe.club/channel/naferrell" org="The New Leaf Journal" org-url="https://thenewleafjournal.com/">}} wrote a [great post](https://thenewleafjournal.com/a-2021-list-of-alternative-search-engines-and-search-resources/) on alternative search engines. He also gave me some [useful details](https://lists.sr.ht/~seirdy/seirdy.one-comments/%3C20210618031450.rb2twu4ypek6vvl3%40rkumarlappie.attlocal.net%3E) about Seznam, Naver, Baidu, and Goo.
[^1]: Yes, "indexes" is an acceptable plural form of the word "index". The word "indices" sounds weird to me outside a math class.
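Review bot: the Ferrell shortcode call drops the middle initial ("A.") that the old `<span class="p-name ...">` markup carried, because the shortcode only takes `first-name`, `last-name`, `nickname` and `name`; either add a middle-name parameter or pass the full string via `name`. Also note that the `org` branch prepends the literal word "from", so the sentence now reads "Nicholas Ferrell from The New Leaf Journal wrote ..." rather than "of The New Leaf Journal"; check that both this sentence and the Gigablast one read as intended after rendering.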

View file

@ -144,6 +144,12 @@ Some users' browsers set default page colors that aren't black-on-white. For ins
It's got a grey background, a header with unreadable black/grey text, and unreadable white-on-white code snippets
Chris Siebenmann describes this in more detail:
=> https://utcc.utoronto.ca/~cks/space/blog/web/AWebColoursProblem AWebColoursProblem
In short: when setting colors, always set both the foreground and the background color. Don't set just one of the two.
## Dark themes
If you do explicitly set colors, please also include a dark theme using a media query:
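Review bot: the gemtext link line `=> https://utcc.utoronto.ca/~cks/space/blog/web/AWebColoursProblem AWebColoursProblem` uses the wiki slug as its label; a human-readable label (the post's title, or "Chris Siebenmann on web colour problems") would read better in Gemini clients, which show the label rather than the URL.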

View file

@ -1,14 +1,13 @@
---
date: "2020-11-23T12:21:35-08:00"
description: A lengthy guide to making small sites that focus on content rather than
form.
description: A lengthy guide to making small sites that focus on content rather than form.
outputs:
- html
- gemtext
- html
- gemtext
footnote_heading: Notes
tags:
- web
- minimalism
- web
- minimalism
title: An opinionated list of best practices for textual websites
---
_The following applies to minimal websites that focus primarily on text. It does not apply to websites that have a lot of non-textual content. It also does not apply to websites that focus more on generating revenue or pleasing investors than being good websites._
@ -137,6 +136,8 @@ Some users' browsers set default page colors that aren't black-on-white. For ins
{{< picture name="website_colors" alt="This page with a grey background behind black/grey headers and white-on-white code snippets" >}}
</a>
<p>{{% indieweb-person first-name="Chris" last-name="Siebenmann" url="https://utcc.utoronto.ca/~cks/" %}} describes this in more detail in <a href="https://utcc.utoronto.ca/~cks/space/blog/web/AWebColoursProblem">AWebColoursProblem</a>. In short: when setting colors, always set both the foreground and the background color. Don't set just one of the two.</p>
### Dark themes
If you do explicitly set colors, please also include a dark theme using a media query: `@media (prefers-color-scheme: dark)`. For more info, read the relevant docs [on MDN](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme)
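Review bot: this call site uses `{{% indieweb-person ... %}}` while every other call in the commit uses `{{< indieweb-person ... >}}`. The `{{% %}}` form routes the shortcode's output back through the Markdown renderer, which is unnecessary for a shortcode that emits raw HTML and can render differently from the `{{< >}}` sites (leading whitespace or indentation in the template can be reinterpreted as Markdown); use `{{< >}}` here as well for consistency.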
@ -265,13 +266,13 @@ The [250kb club](https://250kb.club/) gathers websites at or under 250kb, and al
The [10KB Club](https://10kbclub.com/) does the same with a 10kb homepage budget (excluding favicons and webmanifest icons). It also has guidelines for noteworthiness, to avoid low-hanging fruit like mostly-blank pages.
My favorite website club has to be the [<abbr title="eXtreme HyperText Movement for Luddites">XHTML</abbr> Club](https://xhtml.club/) by <span class="h-card vcard"><a class="p-name url fn n" href="https://uglyduck.ca"><span class="p-given-name given-name">Bradley</span> <span class="p-family-name family-name">Taunt</span></a></span>, the creator of the original [1mb.club](https://1mb.club).
My favorite website club has to be the [<abbr title="eXtreme HyperText Movement for Luddites">XHTML</abbr> Club](https://xhtml.club/) by {{<indieweb-person first-name="Bradley" last-name="Taunt" url="https://uglyduck.ca">}}, the creator of the original [1mb.club](https://1mb.club).
Also see [Motherfucking Website](https://motherfuckingwebsite.com/). Motherfucking Website inspired several unofficial sequels that tried to gently improve upon it. My favorite is [Best Motherfucking Website](https://bestmotherfucking.website/).
The [WebBS calculator](https://www.webbloatscore.com/) compares a page's size with the size of a PNG screenshot of the full page content, encouraging site owners to minimize the ratio of the two.
One resource I found useful (that eventually featured this article!) was the "Your page content" section of <span class="h-card vcard"><a class="p-name url fn n" href="https://www.billdietrich.me"><span class="p-given-name given-name">Bill</span> <span class="p-family-name family-name">Dietrich</span>'s</a></span> comprehensive guide to [setting up your personal website](https://www.billdietrich.me/YourPersonalWebSite.html#PageContent).
One resource I found useful (that eventually featured this article!) was the "Your page content" section of {{<indieweb-person first-name="Bill" last-name="Dietrich" url="https://www.billdietrich.me">}}'s comprehensive guide to [setting up your personal website](https://www.billdietrich.me/YourPersonalWebSite.html#PageContent).
[^1]: Many addons function by injecting content into pages; this significantly weakens many aspects of the browser security model (e.g. site and origin isolation) and should be avoided if at all possible. On sensitive pages with content such as public key fingerprints, I recommend setting a blank `sandbox` directive even if it means breaking these addons.
@ -281,3 +282,5 @@ One resource I found useful (that eventually featured this article!) was the "Yo
[^3]: Here's an [overview of PE](https://en.wikipedia.org/wiki/Progressive_enhancement) and [my favorite write-up on the subject](https://whalecoiner.com/articles/progressive-enhancement).
[^4]: Consider disabling the JIT for your normal browsing too; doing so removes whole classes of vulnerabilities. In Firefox, toggle `javascript.options.ion`, `javascript.options.baselinejit`, `javascript.options.native_regexp`, `javascript.options.asmjs`, and `javascript.options.wasm` in `about:config`; in Chromium, run chromium with `--js-flags='--jitless'`; in the Tor Browser, set the security level to "Safer".

View file

@ -171,15 +171,15 @@ Translations
Translations are always welcome.
<span class="h-card vcard"><a class="p-name url fn n" href="https://evgenykuznetsov.org/"><span class="p-given-name given-name">Евгений</span> <span class="p-family-name family-name">Кузнецов</span></a></span> translated this article to Russian: <a lang="ru" hreflang="ru" rel="alternate" href="https://evgenykuznetsov.org/posts/2021/domestication/">WhatsApp и одомашнивание пользователей</a>.
{{<indieweb-person first-name="Евгений" last-name="Кузнецов" url="https://evgenykuznetsov.org/">}} translated this article to Russian: <a lang="ru" hreflang="ru" rel="alternate" href="https://evgenykuznetsov.org/posts/2021/domestication/">WhatsApp и одомашнивание пользователей</a>.
The Framalang translators at [Framasoft](https://framasoft.org/) translated this article to French: <a lang="fr" hreflang="fr" rel="alternate" href="https://framablog.org/2021/02/04/utilisateurs-libres-ou-domestiques-whatsapp-et-les-autres/">WhatsApp et la domestication des utilisateurs</a>.
<span class="h-card vcard"><a class="p-nickname url nickname n" href="https://web.archive.org/web/20210924154338/https://convorb.im/">Licaon_Kter</a></span> translated this article to Romanian: <a lang="ro" hreflang="ro" rel="alternate" href="https://web.archive.org/web/20210924154306/convorb.im/post/2021/02/14/whatsapp-si-domesticirea-utilizatorilor.html">WhatsApp și domesticirea utilizatorilor</a>.
{{<indieweb-person nickname="Licaon Kter" url="https://web.archive.org/web/20210924154338/https://convorb.im/">}} translated this article to Romanian: <a lang="ro" hreflang="ro" rel="alternate" href="https://web.archive.org/web/20210924154306/convorb.im/post/2021/02/14/whatsapp-si-domesticirea-utilizatorilor.html">WhatsApp și domesticirea utilizatorilor</a>.
<span class="h-card vcard"><a class="p-name url fn n" href="https://sgfault.com"><span class="p-given-name given-name">David</span> <span class="p-family-name family-name">Jimenez</span></a></span> translated this article to Spanish: <a lang="es" hreflang="es" rel="alternate" href="https://sgfault.com/2021/02/21/whatsapp-y-la-domesticacion-de-usuarios.html">WhatsApp y la domesticación de usuarios</a>.
{{<indieweb-person first-name="David" last-name="Jimenez" url="https://sgfault.com">}} translated this article to Spanish: <a lang="es" hreflang="es" rel="alternate" href="https://sgfault.com/2021/02/21/whatsapp-y-la-domesticacion-de-usuarios.html">WhatsApp y la domesticación de usuarios</a>.
<span class="h-card vcard"><a class="p-nickname url nickname n" href="https://www.lealternative.net/author/skariko/">Skariko</a></span> of [Le Alternative](https://lealternative.net/) translated this article to Italian: <a lang="it-IT" hreflang="it-IT" rel="alternate" href="https://www.lealternative.net/2021/12/13/whatsapp-e-laddomesticamento-degli-utenti/">WhatsApp e laddomesticamento degli utenti</a>.
{{<indieweb-person nickname="Skariko" url="https://www.lealternative.net/author/skariko/">}} of [Le Alternative](https://lealternative.net/) translated this article to Italian: <a lang="it-IT" hreflang="it-IT" rel="alternate" href="https://www.lealternative.net/2021/12/13/whatsapp-e-laddomesticamento-degli-utenti/">WhatsApp e laddomesticamento degli utenti</a>.
[^1]: Pierotti, R.; Fogg, B. (2017). The First Domestication: How Wolves and Humans Coevolved. Yale University Press.
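Review bot: the Romanian translator's handle changes from `Licaon_Kter` in the old markup to `Licaon Kter` in the shortcode call. A `p-nickname` is an identifier, so keep the underscore unless the person has asked for the spaced form; the other translator entries preserve their names verbatim.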

View file

@ -0,0 +1,17 @@
<span itemscope itemtype="https://schema.org/Person" class="h-card vcard">
<a itemprop="url" href="{{- .Get "url" -}}" class="u-url url">
<span itemprop="name" class="p-name fn n">
{{- if (.Get "first-name") -}}<span itemprop="givenName" class="p-given-name given-name">{{- .Get "first-name" -}}</span>{{- end }}
{{ if (.Get "last-name") -}}<span itemprop="familyName" class="p-family-name family-name">{{- .Get "last-name" -}}{{- end -}}
{{- if (.Get "nickname") -}}<span itemprop="nickname" class="p-nickname nickname">{{- .Get "nickname" -}}</span>{{- end -}}
{{- if (.Get "name") -}}{{- .Get "name" -}}{{- end -}}
</span>{{- /* Strip trailing newline: https://github.com/gohugoio/hugo/issues/1753 */ -}}
</a>{{- /* Strip trailing newline: https://github.com/gohugoio/hugo/issues/1753 */ -}}
{{- if (.Get "org") }}
from <span class="p-org org" itemprop="affiliation" itemscope itemtype="https://schema.org/Organization">
<a itemprop="url" class="organization-name" href="{{- .Get "org-url" -}}">
<span itemprop="name">{{- .Get "org" -}}</span>{{- /* Strip trailing newline: https://github.com/gohugoio/hugo/issues/1753 */ -}}
</a>
</span>
{{- end -}}
</span>{{- /* Strip trailing newline: https://github.com/gohugoio/hugo/issues/1753 */ -}}
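Review bot: the `last-name` branch never closes its `<span>`: the line `{{ if (.Get "last-name") -}}<span itemprop="familyName" class="p-family-name family-name">{{- .Get "last-name" -}}{{- end -}}` lacks a `</span>` before `{{- end -}}`, unlike the `first-name` line above it. Whenever a last name is given, the nickname, name, and org output end up nested inside the family-name span and the `p-name` span is closed by the wrong tag, which breaks both the HTML nesting and the microformats parse. Two smaller points: when `org` is set without `org-url`, the template emits `href=""` (a self-link), so guard the `<a>` on `org-url` or omit the anchor; and the literal "from " bakes English prose into the markup, which the call sites then have to accommodate.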

View file

@ -76,4 +76,4 @@
width="{{ $light_png.Width }}" height="{{ $light_png.Height }}"
src="{{ $light_png.RelPermalink }}" alt='{{ .Get "alt" }}'
decoding="async">
</picture>
</picture>{{- /* Strip trailing newline: https://github.com/gohugoio/hugo/issues/1753 */ -}}