1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-23 21:02:09 +00:00

Compare commits

..

7 commits

Author SHA1 Message Date
Rohan Kumar
0866e4d2bc
Don't brotli-compress the Tor hidden service
The Tor hidden service does not use TLS, so it doesn't use HTTP/2 or
HTTP/3. Therefore, it can't use Brotli; statically-compressing Brotli
content is just wasted CPU cycles.
2022-08-13 14:25:54 -07:00
Rohan Kumar
bdd3155b81
Don't check yesterweb webring for dead links 2022-08-13 14:25:38 -07:00
Rohan Kumar
ce21e0d181
More PP 2022-08-13 14:25:17 -07:00
Rohan Kumar
b98a0ef4c6
Auto-fix dead link 2022-08-13 14:25:05 -07:00
Rohan Kumar
521ad5bf9b
Privacy policy supplemental info: mention X-DNS-Prefetch-Control 2022-08-13 14:06:03 -07:00
Rohan Kumar
679feb8f5c
exclude BIMI icon and search from Nu validator 2022-08-13 14:05:23 -07:00
Rohan Kumar
ec04df8f2c
Add BIMI icon 2022-08-12 17:09:12 -07:00
9 changed files with 30 additions and 11 deletions

View file

@ -18,8 +18,6 @@ RSYNCFLAGS_EXTRA ?=
# compression gets slow for extreme levels like the old "70109"
ECT_LEVEL=9
VNU ?= vnu
csv/webrings.csv:
sh scripts/populate-webrings.sh
@ -60,7 +58,7 @@ validate-json:
.PHONY: validate-html
validate-html:
$(VNU) --stdout --format json --skip-non-html --also-check-svg $(OUTPUT_DIR) | sh scripts/filter-vnu.sh
sh scripts/vnu.sh $(OUTPUT_DIR)
.PHONY: htmlproofer
htmlproofer:
@ -149,10 +147,11 @@ deploy-prod: .prepare-deploy
@$(MAKE) copy-to-xhtml
@$(MAKE) deploy
# hidden service doesn't need brotli
.PHONY: deploy-onion
deploy-onion:
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion .prepare-deploy
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion compress
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion gzip
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion copy-to-xhtml
@$(MAKE) WWW_ROOT=/var/www/seirdy.onion HUGO_BASEURL='http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/' OUTPUT_DIR=public_onion deploy-html

View file

@ -8,6 +8,8 @@ date: "2022-04-06T00:00:00+00:00"
Summary
-------
Basically, I don't track you.
- I only collect default server logs.
- I purge server logs regularly, except for some robot traffic.
- Searches are powered by the Search My Site API.
@ -65,11 +67,11 @@ These services currently run on, but do not necessarily endorse, virtual private
Log entries will persist for between two and three days. Purges of server logs occur every day at <time datetime="00:00:00">00:00 UTC</time>
Before purging, I may preserve the "User-Agent" request headers of agents that clearly identify as bots.
Before purging, I may preserve the "User-Agent" request headers of agents that clearly identify as robots.
### How I use your information
I use server logs to detect <abbr title="Denial of Service">DoS</abbr> attacks, misbehaving bots, and search engines to add to [my public collection](../../posts/2021/03/10/search-engines-with-own-indexes/).
I use server logs to detect <abbr title="Denial of Service">DoS</abbr> attacks, misbehaving bots, and search engines to add to [my public collection]({{<relref "/posts/search-engines-with-own-indexes.md">}}).
Information I share
-------------------
@ -101,9 +103,12 @@ By default, web browsers can share near-arbitrary identifying data with a server
By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers.
By default, web browsers can speculatively make DNS queries for domains linked on a page, potentially leaking information about the current page to a DNS server. I send an `X-DNS-Prefetch-Control: off` header to disable this when possible; it's respected by Chromium, Firefox, and derivatives.
By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header. One exception is links on the home page's "Webrings" section; some of these require a referring domain to function.
By default, Web browsers may share characteristics about the user's hardware, connection type, and personalizations using Client Hints and media queries. Browsers may request Web content conditionally, in response to a `media` attribute in (X)HTML documents. Browsers may leverage stylesheets that use media queries to select varying `background-image` files. No Web content on seirdy.one will send network traffic in response to media queries except <code>prefers-color-<wbr />scheme</code>, assuming the use of a standards-compliant browser. Media queries and client hints will have no impact on HTTP responses except for dark image variants. This is a single binary piece of information that isn't enough to let me realistically identify anyone.
By default, many networks and Internet service providers often alter requests by redirecting them or injecting content. I have prevented this behavior by using a secure TLS cipher suite.
By default, most web browsers connect to a website over insecure HTTP when users don't specify don't specify a URL scheme; this is frequently exploited by hostile networks to inject content or re-direct traffic. I mitigate this to the extent I can by using a `Strict-Transport-Security` header, participating in HSTS-Preload lists, and adding an HTTPS DNS record for HTTP/2 and HTTP/3 DNS-based APLN.

View file

@ -1,4 +1,4 @@
{{- $wbmLinks := (slice "https://si3t.ch/log/2021-04-18-entetes-floc.html" "https://xmpp.org/2021/02/newsletter-02-feburary/" "https://gurlic.com/technology/post/393626430212145157" "https://gurlic.com/technology/post/343249858599059461" "https://www.librepunk.club/@penryn/108411423190214816" "https://benign.town/@josias/108457015755310198" "http://www.tuxmachines.org/node/148146" "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/" "https://bbbhltz.space/posts/thoughts-on-tech-feb2021/") -}}
{{- $wbmLinks := (slice "https://si3t.ch/log/2021-04-18-entetes-floc.html" "https://xmpp.org/2021/02/newsletter-02-feburary/" "https://gurlic.com/technology/post/393626430212145157" "https://gurlic.com/technology/post/343249858599059461" "https://www.librepunk.club/@penryn/108411423190214816" "https://benign.town/@josias/108457015755310198" "http://www.tuxmachines.org/node/148146" "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/" "https://bbbhltz.space/posts/thoughts-on-tech-feb2021/" "https://jorts.horse/@alice/108477866954580532") -}}
<hr />
<section aria-labelledby="webmentions">
<h2 id="webmentions" tabindex="-1">Web&#173;mentions</h2>

View file

@ -51,4 +51,5 @@ IgnoreURLs:
# - "https://forum.kuketz-blog.de/viewtopic.php?p=78202" # manual check: blocks crawlers
- "https://forum.kuketz-blog.de/viewtopic.php"
- "https://web.archive.org/web/0/http" # the wayback machine itself.
- "https://webring.yesterweb.org/noJS/index.php" # Seems to block htmltest; check manually
OutputDir: "linter-configs/htmltest"

View file

@ -21,10 +21,6 @@
( # see https://github.com/w3c/css-validator/issues/370
.message == "CSS: “contain”: “inline-size” is not a “contain” value."
)
or
( # the search page has raw templates, let those slide. I validate the final dynamic search page manually.
.url | test ("/search/index.")
)
) | not
)
) | del(..|select(. == [])) | del(..|select(. == {})) | select(. != null)

17
scripts/vnu.sh Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh
set -e -u
pwd="$(dirname "$0")"
output_dir="$1"
files_to_analyze() {
find "$output_dir" -type f -name '*.html' -o -name '*.svg' \
| grep -Ev '(bimi\.svg|search/index\.x?html)$'
}
# we skip the BIMI icon (VNU can't handle SVG 1.2) and the search page (it has raw templates).
vnu \
--stdout \
--format json \
--also-check-svg \
$(files_to_analyze) \
| sh "$pwd/filter-vnu.sh"

1
static/bimi.svg Normal file
View file

@ -0,0 +1 @@
<svg version="1.2" baseProfile="tiny-ps" height="1024" width="1024" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1024 1024"><title>Seirdy</title><path d="m0 0h1024v1024h-1024z"/><path d="M348.4 721.7q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6zm0-268.8q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6zM654.8 873l-58.4-44.5q45.3-53.8 64.5-107.5-17.7-2.3-33-12.3-14.6-10.8-21.5-27.6-6.1-16.9-6.1-34.6 0-15.4 4.6-30t15.4-25.3q10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30v3.8q-1.5 111.4-96 222.7zm20.7-420.1q-15.4 0-30-4.6t-25.3-15.4q-10.8-10.8-15.4-25.3-4.6-14.6-4.6-30t4.6-30q4.6-14.6 15.4-25.3 10.8-10.8 25.3-15.4 14.6-4.6 30-4.6t30 4.6q14.6 4.6 25.3 15.4 10.8 10.8 15.4 25.3 4.6 14.6 4.6 30t-4.6 30q-4.6 14.6-15.4 25.3-10.8 10.8-25.3 15.4-14.6 4.6-30 4.6z" fill="#fff"/></svg>

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
static/bimi.svg.br Normal file

Binary file not shown.

BIN
static/bimi.svg.gz Normal file

Binary file not shown.