mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-23 21:02:09 +00:00
Compare commits
7 commits
1e00ee0bec
...
0866e4d2bc
Author | SHA1 | Date | |
---|---|---|---|
|
0866e4d2bc | ||
|
bdd3155b81 | ||
|
ce21e0d181 | ||
|
b98a0ef4c6 | ||
|
521ad5bf9b | ||
|
679feb8f5c | ||
|
ec04df8f2c |
9 changed files with 30 additions and 11 deletions
7
Makefile
7
Makefile
|
@ -18,8 +18,6 @@ RSYNCFLAGS_EXTRA ?=
|
|||
# compression gets slow for extreme levels like the old "70109"
|
||||
ECT_LEVEL=9
|
||||
|
||||
VNU ?= vnu
|
||||
|
||||
csv/webrings.csv:
|
||||
sh scripts/populate-webrings.sh
|
||||
|
||||
|
@ -60,7 +58,7 @@ validate-json:
|
|||
|
||||
.PHONY: validate-html
|
||||
validate-html:
|
||||
$(VNU) --stdout --format json --skip-non-html --also-check-svg $(OUTPUT_DIR) | sh scripts/filter-vnu.sh
|
||||
sh scripts/vnu.sh $(OUTPUT_DIR)
|
||||
|
||||
.PHONY: htmlproofer
|
||||
htmlproofer:
|
||||
|
@ -149,10 +147,11 @@ deploy-prod: .prepare-deploy
|
|||
@$(MAKE) copy-to-xhtml
|
||||
@$(MAKE) deploy
|
||||
|
||||
# hidden service doesn't need brotli
|
||||
.PHONY: deploy-onion
|
||||
deploy-onion:
|
||||
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion .prepare-deploy
|
||||
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion compress
|
||||
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion gzip
|
||||
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion copy-to-xhtml
|
||||
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion deploy-html
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ date: "2022-04-06T00:00:00+00:00"
|
|||
Summary
|
||||
-------
|
||||
|
||||
Basically, I don't track you.
|
||||
|
||||
- I only collect default server logs.
|
||||
- I purge server logs regularly, except for some robot traffic.
|
||||
- Searches are powered by the Search My Site API.
|
||||
|
@ -65,11 +67,11 @@ These services currently run on, but do not necessarily endorse, virtual private
|
|||
|
||||
Log entries will persist for between two and three days. Purges of server logs occur every day at <time datetime="00:00:00">00:00 UTC</time>
|
||||
|
||||
Before purging, I may preserve the "User-Agent" request headers of agents that clearly identify as bots.
|
||||
Before purging, I may preserve the "User-Agent" request headers of agents that clearly identify as robots.
|
||||
|
||||
### How I use your information
|
||||
|
||||
I use server logs to detect <abbr title="Denial of Service">DoS</abbr> attacks, misbehaving bots, and search engines to add to [my public collection](../../posts/2021/03/10/search-engines-with-own-indexes/).
|
||||
I use server logs to detect <abbr title="Denial of Service">DoS</abbr> attacks, misbehaving bots, and search engines to add to [my public collection]({{<relref "/posts/search-engines-with-own-indexes.md">}}).
|
||||
|
||||
Information I share
|
||||
-------------------
|
||||
|
@ -101,9 +103,12 @@ By default, web browsers can share near-arbitrary identifying data with a server
|
|||
|
||||
By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers.
|
||||
|
||||
By default, web browsers can speculatively make DNS queries for domains linked on a page, potentially leaking information about the current page to a DNS server. I send an `X-DNS-Prefetch-Control: off` header to disable this when possible; it's respected by Chromium, Firefox, and derivatives.
|
||||
|
||||
By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header. One exception is links on the home page's "Webrings" section; some of these require a referring domain to function.
|
||||
|
||||
By default, Web browsers may share characteristics about the user's hardware, connection type, and personalizations using Client Hints and media queries. Browsers may request Web content conditionally, in response to a `media` attribute in (X)HTML documents. Browsers may leverage stylesheets that use media queries to select varying `background-image` files. No Web content on seirdy.one will send network traffic in response to media queries except <code>prefers-color-<wbr />scheme</code>, assuming the use of a standards-compliant browser. Media queries and client hints will have no impact on HTTP responses except for dark image variants. This is a single binary piece of information that isn't enough to let me realistically identify anyone.
|
||||
|
||||
By default, many networks and Internet service providers often alter requests by redirecting them or injecting content. I have prevented this behavior by using a secure TLS cipher suite.
|
||||
|
||||
By default, most web browsers connect to a website over insecure HTTP when users don't specify don't specify a URL scheme; this is frequently exploited by hostile networks to inject content or re-direct traffic. I mitigate this to the extent I can by using a `Strict-Transport-Security` header, participating in HSTS-Preload lists, and adding an HTTPS DNS record for HTTP/2 and HTTP/3 DNS-based APLN.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- $wbmLinks := (slice "https://si3t.ch/log/2021-04-18-entetes-floc.html" "https://xmpp.org/2021/02/newsletter-02-feburary/" "https://gurlic.com/technology/post/393626430212145157" "https://gurlic.com/technology/post/343249858599059461" "https://www.librepunk.club/@penryn/108411423190214816" "https://benign.town/@josias/108457015755310198" "http://www.tuxmachines.org/node/148146" "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/" "https://bbbhltz.space/posts/thoughts-on-tech-feb2021/") -}}
|
||||
{{- $wbmLinks := (slice "https://si3t.ch/log/2021-04-18-entetes-floc.html" "https://xmpp.org/2021/02/newsletter-02-feburary/" "https://gurlic.com/technology/post/393626430212145157" "https://gurlic.com/technology/post/343249858599059461" "https://www.librepunk.club/@penryn/108411423190214816" "https://benign.town/@josias/108457015755310198" "http://www.tuxmachines.org/node/148146" "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/" "https://bbbhltz.space/posts/thoughts-on-tech-feb2021/" "https://jorts.horse/@alice/108477866954580532") -}}
|
||||
<hr />
|
||||
<section aria-labelledby="webmentions">
|
||||
<h2 id="webmentions" tabindex="-1">Web­mentions</h2>
|
||||
|
|
|
@ -51,4 +51,5 @@ IgnoreURLs:
|
|||
# - "https://forum.kuketz-blog.de/viewtopic.php?p=78202" # manual check: blocks crawlers
|
||||
- "https://forum.kuketz-blog.de/viewtopic.php"
|
||||
- "https://web.archive.org/web/0/http" # the wayback machine itself.
|
||||
- "https://webring.yesterweb.org/noJS/index.php" # Seems to block htmltest; check manually
|
||||
OutputDir: "linter-configs/htmltest"
|
||||
|
|
|
@ -21,10 +21,6 @@
|
|||
( # see https://github.com/w3c/css-validator/issues/370
|
||||
.message == "CSS: “contain”: “inline-size” is not a “contain” value."
|
||||
)
|
||||
or
|
||||
( # the search page has raw templates, let those slide. I validate the final dynamic search page manually.
|
||||
.url | test ("/search/index.")
|
||||
)
|
||||
) | not
|
||||
)
|
||||
) | del(..|select(. == [])) | del(..|select(. == {})) | select(. != null)
|
||||
|
|
17
scripts/vnu.sh
Normal file
17
scripts/vnu.sh
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
set -e -u
|
||||
pwd="$(dirname "$0")"
|
||||
output_dir="$1"
|
||||
|
||||
files_to_analyze() {
|
||||
find "$output_dir" -type f -name '*.html' -o -name '*.svg' \
|
||||
| grep -Ev '(bimi\.svg|search/index\.x?html)$'
|
||||
}
|
||||
|
||||
# we skip the BIMI icon (VNU can't handle SVG 1.2) and the search page (it has raw templates).
|
||||
vnu \
|
||||
--stdout \
|
||||
--format json \
|
||||
--also-check-svg \
|
||||
$(files_to_analyze) \
|
||||
| sh "$pwd/filter-vnu.sh"
|
1
static/bimi.svg
Normal file
1
static/bimi.svg
Normal file
|
@ -0,0 +1 @@
|
|||
<svg version="1.2" baseProfile="tiny-ps" height="1024" width="1024" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1024 1024"><title>Seirdy</title><path d="m0 0h1024v1024h-1024z"/><path d="M348.4 721.7q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6zm0-268.8q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6zM654.8 873l-58.4-44.5q45.3-53.8 64.5-107.5-17.7-2.3-33-12.3-14.6-10.8-21.5-27.6-6.1-16.9-6.1-34.6 0-15.4 4.6-30t15.4-25.3q10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30v3.8q-1.5 111.4-96 222.7zm20.7-420.1q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6z" fill="#fff"/></svg>
|
After Width: | Height: | Size: 1.2 KiB |
BIN
static/bimi.svg.br
Normal file
BIN
static/bimi.svg.br
Normal file
Binary file not shown.
BIN
static/bimi.svg.gz
Normal file
BIN
static/bimi.svg.gz
Normal file
Binary file not shown.
Loading…
Reference in a new issue