Minor clarification: required and optional perms

It's in binaries.tar.gz now.

.build.yml

@@ -1,13 +1,13 @@
 ---
 # we rsync binaries.tar.gz from the same server we deploy to.
 # it contains these static-pie binaries:
-# hugo, brotli, ect (like gzip/zopfli), sd, and xmlfmt.
+# hugo, brotli, ect (like gzip/zopfli), sd, htmlq (like jq for html), and xmllint.
 image: alpine/edge
 packages:
+  - curl # for webring update script
   - rsync
   - git  # for Hugo's gitInfo
   - bmake
-  - libxml2-utils # for xmllint
 sources:
   - https://git.sr.ht/~seirdy/seirdy.one
 secrets:

.gitignore

@@ -10,3 +10,4 @@ old/
 public/
 public_*/
 .hugo_build.lock
+csv/webrings.csv

Makefile

@@ -19,8 +19,11 @@ ECT_LEVEL=9
 
 VNU ?= vnu
 
+csv/webrings.csv:
+	sh scripts/populate-webrings.sh
+
 .PHONY: hugo
-hugo: $(SRCFILES)
+hugo: csv/webrings.csv $(SRCFILES)
 	hugo -b $(HUGO_BASEURL) $(HUGO_FLAGS) -d $(OUTPUT_DIR)
 
 # .hintrc-local for linting local files

content/about/index.gmi

@@ -4,6 +4,8 @@ Rohan Kumar : He/Him : Age 21
 
 Online Handle: Seirdy
 
+I'm known as Rohan and as Seirdy. There are some differences between these personas, but the line between the two is blurry. It's fine to mix them up.
+
 ## Other versions of this website
 
 This page's canonical location is on seirdy.one:
@@ -25,27 +27,30 @@ My Web and Gemini content may be slightly different: I often phrase things diffe
 I have a Tor hidden Web service which mirrors this site's contents, except for the fact that it replaces some SVGs with PNGs.
 => http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion/
 
-## Location (Rohan, meatspace)
+## Location (Rohan, He/Him, meatspace)
 
-Currently living at home in Cupertino, CA
+Currently living at home in California, USA
 
 Would normally be in Portland, OR during the school year, but COVID-19 happened.
 
-## Location (Seirdy, online)
-
-My handle is "Seirdy" on all the platforms I use:
-
-=> https://envs.net/%7Eseirdy/ my tildeverse Web page
-=> gemini://envs.net/%7Eseirdy/ my tildeverse Gemini page
 => https://sr.ht/%7Eseirdy Sourcehut forge
 => https://github.com/Seirdy GitHub forge
 => https://gitlab.com/Seirdy GitLab forge
+=> https://codeberg.org/Seirdy Codeberg forge
+
+## Location (Seirdy, It/Its, online)
+
+My handle is "Seirdy" on all the platforms I use:
+
+=> https://a.gh0.pw/user/Seirdy apioforum
+=> https://envs.net/%7Eseirdy/ my tildeverse Web page
+=> gemini://envs.net/%7Eseirdy/ my tildeverse Gemini page
 => https://pleroma.envs.net/seirdy Fediverse (Pleroma)
 => https://matrix.to/#/@seirdy:seirdy.one Matrix: @seirdy:seirdy.one
 => mailto:seirdy@seirdy.one email
 => ../publickey.asc PGP: 1E892DB2A5F84479
 
-My username is Seirdy on Reddit, Hacker News, Lobsters, Tildes.net, Linux Weekly News, Codeberg, and a few other places. For IRC, my nick is Seirdy on Libera.chat, Snoonet, OFTC, Tilde.Chat, and a few smaller networks.
+My username is Seirdy on Reddit, Hacker News, Lobsters, Tildes.net, Linux Weekly News, Codeberg, and a few other places. For IRC, my nick is Seirdy on Libera.chat, Snoonet, OFTC, Tilde.Chat, apionet, and a few smaller networks.
 
 My secondary Matrix account for Synapse-only rooms is @seirdy:fairydust.space. My Matrix account used to be @seirdy:envs.net but I've since migrated to my own Conduit server.
 

content/about/index.md

@@ -57,12 +57,13 @@ Social (Fediverse)
 : [@Seirdy<wbr />@pleroma<wbr />.envs.net](https://pleroma.envs.net/seirdy "{rel='me'}") (primary)
 : [@Seirdy<wbr />@lemmy<wbr />.ml](https://lemmy.ml/u/Seirdy "{rel='me'}") (Lemmy)
 
-Social (centralized) (not necessarily endorsed)
-: [Lobsters](https://lobste.rs/u/Seirdy "{rel='me'}")
+Social (centralized)
+:	[apioforum](https://a.gh0.pw/user/Seirdy "{rel='me'}")
 : [Tildes.net](https://tildes.net/user/Seirdy "{rel='me'}")
+: "Seirdy" on Linux Weekly News
+: [Lobsters](https://lobste.rs/u/Seirdy "{rel='me'}")
 : [Reddit](https://www.reddit.com/user/Seirdy/ "{rel='me'}")
 : ["Hacker" News](https://news.ycombinator.com/user?id=Seirdy "{rel='me'}")
-: "Seirdy" on Linux Weekly News
 
 Email
 : [seirdy<wbr />@seirdy.one](mailto:seirdy@seirdy.one "{class='u-email' itemprop='email' rel='me'}")
@@ -71,9 +72,10 @@ PGP public key
 : [`1E892DB2A5F84479`](../publickey.asc "{rel='pgpkey authn' type='application/pgp-keys' class='u-key'}") (also availabel via Web Key Directory)
 
 Chat
-: IRC: "Seirdy" on many networks (Liberachat, Snoonet, OFTC, Tilde.Chat, some others)
+: IRC: "Seirdy" on many networks (Liberachat, Snoonet, OFTC, Tilde.Chat, apionet, some others)
 : Matrix: [@seirdy<wbr />:seirdy.one](matrix:u/seirdy:seirdy.one "class='u-impp u-url' rel='me'")
 
+At least two platforms listed in the "Social (centralized)" category are not endorsed, and I'm trying to wind down my use of them.
 If you find a "Seirdy" somewhere else and don't know whether or not it's me, please contact me and ask instead of assuming that it must be me.
 
 I used to have the Matrix ID `@seirdy:envs.net`. I sometimes use `@seirdy:fairydust.space` for technical reasons (seirdy.one runs a Conduit server but certain features only work in Synapse rooms).

content/posts/layered-content-blocking.gmi

@@ -6,7 +6,7 @@ My views on the situation are a bit complicated.
 
 ## The existing content filtering landscape
 
-uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary content into pages.
+uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages.
 
 => https://github.com/gorhill/uBlock uBlock Origin on GitHub
 
@@ -18,7 +18,7 @@ Hostname or IP-based based network filtering is the least capable but most relia
 
 ## Context: extension permissions systems
 
-Firefox allows extensions to declare their own permissions. Extensions decide which sites they can run on and when, and which permissions are optional.
+Firefox allows extensions to declare their own permissions. Extensions decide which sites they can run on and when, with required and optional permissions.
 
 Chromium has a similar system with additional functionality: users can choose to enable an extension only when clicked, only for a certain site, or for all sites globally. Safari takes this a step further and also offers the choice to enable an extension for a limited time period (one day).
 

content/posts/layered-content-blocking.md

@@ -16,7 +16,7 @@ My views on the situation are a bit complicated.
 The existing content filtering landscape
 ----------------------------------------
 
-[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary content into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
+[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
 
 Chromium's Manifest v3 includes the `declarativeNetRequest` API, which delegates these functions to the browser rather than the extension. Doing so avoids the timing issues visible in privileged extensions and does not require giving the extension access to the page. While these filters are more reliable and improve privilege separation, they are also substantially weaker. You can say goodbye to more advanced "anti-adblock" circumvention techniques.
 
@@ -25,7 +25,7 @@ Hostname or IP-based based network filtering is the least capable but most relia
 Context: extension permissions systems
 --------------------------------------
 
-Firefox allows extensions to declare their own permissions. Extensions decide which sites they can run on and when, and which permissions are optional.
+Firefox allows extensions to declare their own permissions. Extensions decide which sites they can run on and when, with required and optional permissions.
 
 Chromium has a similar system with additional functionality: users can choose to enable an extension only when clicked, only for a certain site, or for all sites globally. Safari takes this a step further and also offers the choice to enable an extension for a limited time period (one day).
 

scripts/populate-webrings.sh

@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# Get webring links to append to the CSV before building
+
+# Some webrings require an iframe or scripts, but I want a plain static
+# first-party HTML+CSS page. This script fetches webring links by
+# parsing the iframes and appends appropriate values to my webrings.csv file.
+
+set -e -u
+
+
+# the name of this program
+progname="$(basename "$0")"
+dirname="$(dirname "$0")"
+
+webrings_src="$dirname/../csv/webrings.base.csv"
+webrings_dest="$dirname/../csv/webrings.csv"
+
+help_text="Usage: $progname [OPTION...]
+
+Update webrings.csv with new prev/next links, to avoid iframes/scripts
+
+Options:
+  -h            Print this help and exit
+  -d            Dry run; just print results, don't update webrings.csv
+"
+
+usage() {
+	printf '%s' "$help_text"
+}
+
+# when the user passess bad args, send a msg to stderr and exit
+# usage: bad_option <option> <reason>
+bad_option() {
+	echo "$progname: option $1: $2" >&2
+	usage >&2
+	exit 1
+}
+
+dry_run='0'
+
+while getopts "hd" flags; do
+	case $flags in
+		h)
+			usage
+			exit 0
+			;;
+		d)
+			dry_run='1'
+			shift
+			;;
+		*)
+			bad_option "$flags" 'invalid option'
+			exit 1
+			;;
+	esac
+done
+
+# values for the GEORGE webring
+george() {
+	echo GEORGE
+	curl -s 'https://george.gh0.pw/embed.cgi?seirdy' | htmlq -a href 'main p a'
+}
+
+values_to_csv() {
+	tr '\n' ',' && echo
+}
+
+print_csv_values() {
+	printf %s "$(george)" | values_to_csv
+}
+
+if [ -f "$webrings_dest" ]; then
+	echo "webrings file already generated"
+	exit 0
+fi
+
+if [ "$dry_run" = '1' ]; then
+	print_csv_values
+else
+	print_csv_values | cat "$webrings_src" - >"$webrings_dest"
+fi
+
+# vi:ft=sh

scripts/xhtmlize-single-file.sh

@@ -29,6 +29,7 @@ sed 7d "$html_file" | xmllint --format --encode UTF-8 --noent - | sd '^\t' '' >"
 {
 	head -n7 "$tmp_file"
 	cat tmp.css
+	# shellcheck disable=SC2016 # these are regex statements, not shell expressions
 	tail -n +8 "$tmp_file" \
 		| sd '<pre(?: tabindex="0")?>\n\t*<code ' '<pre tabindex="0"><code ' \
 		| sd '(?:\n)?</code>\n(?:[\t\s]*)?</pre>' '</code></pre>' \

static/webfinger.json

@@ -27,6 +27,11 @@
 			"href": "https://pleroma.envs.net/seirdy",
 			"type": "text/html"
 		},
+		{
+			"rel": "http://webfinger.net/rel/profile-page",
+			"href": "https://a.gh0.pw/user/Seirdy",
+			"type": "text/html"
+		},
 		{
 			"rel": "webmention",
 			"href": "https://seirdy.one/webmentions/receive"