New note: on enforcing HTTPS

Keep max page weight but allow greater markup limit.

Makefile

@@ -13,7 +13,7 @@ WWW_RSYNC_DEST = $(USER):$(WWW_ROOT)
 GEMINI_RSYNC_DEST = $(USER):$(GEMINI_ROOT)
 
 OUTPUT_DIR = public
-RSYNCFLAGS += -rlcv --zc=zstd --zl=6 --skip-compress=gz/br/zst/png/webp/jpg/avif/jxl/mp4/mkv/webm/opus/mp3
+RSYNCFLAGS += -rlpcv --zc=zstd --zl=6 --skip-compress=gz/br/zst/png/webp/jpg/avif/jxl/mp4/mkv/webm/opus/mp3
 # compression gets slow for extreme levels like the old "70109"
 ECT_LEVEL=9
 

Makefile.online

@@ -11,9 +11,9 @@ CHROME_PATH = $(CHROME_DIR)/thorium
 CHROMEDRIVER_PATH = $(CHROME_DIR)/chromedriver
 CHROME_PROFILE ?= /tmp/chrome-lighthouse
 JS_FLAGS=''
-CHROME_FLAGS += --disable-extensions --no-default-browser-check --disable-client-side-phishing-detection --disable-component-update --disable-default-apps --disable-device-discovery-notifications --disable-domain-reliability --disable-background-timer-throttling --disable-breakpad --enable-blink-features=LayoutInstabilityAPI --no-first-run --disable-background-networking --user-data-dir=$(CHROME_PROFILE) --enable-quic --start-in-incognito --origin-to-force-quic-on=$(DOMAIN):443
+CHROME_FLAGS += --headless --disable-extensions --no-default-browser-check --disable-client-side-phishing-detection --disable-component-update --disable-default-apps --disable-device-discovery-notifications --disable-domain-reliability --disable-background-timer-throttling --disable-breakpad --enable-blink-features=LayoutInstabilityAPI --no-first-run --disable-background-networking --user-data-dir=$(CHROME_PROFILE) --enable-quic --start-in-incognito --origin-to-force-quic-on=$(DOMAIN):443
 CHROME_FLAGS_COMMA = 'disable-extensions,no-default-browser-check,disable-client-side-phishing-detection,disable-component-update,disable-default-apps,disable-device-discovery-notifications,disable-domain-reliability,disable-background-timer-throttling,disable-breakpad,no-first-run,disable-background-networking,js-flags=--jitless'
-CPU_SLOWDOWN=15.0
+CPU_SLOWDOWN=12.0
 LIGHTHOUSE_ARGS += --budget-path linter-configs/budget.json --output html --output json --output-file lighthouse-results --throttling-method=devtools --throttling.cpuSlowdownMultiplier=$(CPU_SLOWDOWN) --chrome-flags="$(CHROME_FLAGS)"
 
 hint-online:

assets/css/main.css

@@ -123,8 +123,6 @@ html {
 		/* Add padding on both sides so that focus outlines don't escape their
 		 * containers. This will let us enable CSS containment without
 		 * clipping overflowing elements. */
-		margin-top: .25em;
-		margin-bottom: .25em;
 		padding: 0 .5em;
 	}
 
@@ -133,6 +131,23 @@ html {
 		padding-left: .25em
 	}
 
+	/* Breadcrumbs get a lot of padding, making the hr margin redundant
+	 * Due to containment, the wide blurb at the top of non-article pages
+	 * has a huge padding on the bottom. This actually works for archive
+	 * pages but not for the main page. */
+	article > hr,
+	body > hr,
+	main > hr {
+		margin: 0 .5em;
+	}
+	header hr {
+		margin-bottom: 0;
+	}
+
+	h1 {
+		margin: 0 0 .25em;
+	}
+
 	/* Archive pages can get long. Allow them to get long without slowing
 	 * down the browser by using content-visibility. */
 	dt,
@@ -404,7 +419,6 @@ blockquote {
 h1 {
 	-webkit-hyphens: auto;
 	hyphens: auto;
-	margin-top: .25em;
 }
 
 /* Very narrow screens: full hyphenation.

config.toml

@@ -157,7 +157,8 @@ disableKinds = ["taxonomy", "term"]
 	# than IncludeFields above, depending on what you want.
 	excludeFields = ".*"
 
-# don't minify html but minify other resources, esp the fulltext rss/atom feeds
+# don't minify html but minify other resources
+# Don't minify atom feeds because it messes up whitespace in entry contents.
 [minify]
 	minifyOutput = true
 	disableXML = true

content/notes/on-enforcing-https.md

@@ -0,0 +1,18 @@
+---
+title: "On enforcing HTTPS"
+date: 2022-08-03T21:31:09-07:00
+replyURI: "https://1mb.club/blog/https-redirects/"
+replyTitle: "Consider Disabling HTTPS Auto Redirects"
+replyType: "BlogPosting"
+replyAuthor: "Bradley Taunt"
+replyAuthorURI: "https://tdarb.org/"
+---
+One thing this article misses is the fact that webpages are delivered over the Web to Web browsers.
+
+The vast majority of browsers are application runtime environments. Serving pages to users' browsers creates a software distribution platform. Serving pages in cleartext is a way to give permission to users' ISPs, network administrators, and governments to serve _their_ malware instead, under _your_ name, whether or not your page includes any scripts of your own.
+
+People can't always choose their networks, service providers, or governments. They aren't always equipped to deal with content injection and page alteration.
+
+This isn't a "fear-based tactic". It's an acknowledgement of our reality: networks are hostile. There are no robust measures to stop an intermediary from altering unencrypted traffic, yet there are strong incentives for all able parties to do so. That makes malware injection a perfectly reasonable concern. Moreover: multiple ISPs, including Comcast and Vodafone, have been caught [injecting JavaScript apps into unencrypted pages](https://www.infoworld.com/article/2925839/code-injection-new-low-isps.html). [Governments are no stranger to content injection](https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack) either.
+
+If you want to serve in cleartext, pick a protocol that's _not_ part of an application delivery platform. Gopher is a popular option.

content/posts/search-engines-with-own-indexes.md

@@ -94,7 +94,7 @@ These are large engines that pass all my standard tests and more.
 - Yandex: originally a Russian search engine, it now has an English version. Some Russian results bleed into its English site. Like Bing, it allows submitting pages and sitemaps for crawling using the IndexNow API. Powers:
 
   - Epic Search (went paid-only as of June 2021)
-  - Occasionally powers DuckDuck&shy;Go's link results instead of Bing <ins cite="https://energycommerce.house.gov/committee-activity/hearings/hearing-on-holding-big-tech-accountable-legislation-to-protect-online">(update: DuckDuckGo has "paused" its partnership with Yandex, confirmed in {{<mention-work itemtype="Event" itemprop="mentions" role="doc-credit">}}{{<cited-work name="Hearing on “Holding Big Tech Accountable: Legislation to Protect Online Users”" url="https://energycommerce.house.gov/committee-activity/hearings/hearing-on-holding-big-tech-accountable-legislation-to-protect-online" >}}{{</mention-work>}})</ins>
+  - Occasionally powers DuckDuck&shy;Go's link results instead of Bing <ins cite="https://energycommerce.house.gov/committee-activity/hearings/hearing-on-holding-big-tech-accountable-legislation-to-protect-online">(update: DuckDuckGo has "paused" its partnership with Yandex, confirmed in <cite>[Hearing on “Holding Big Tech Accountable: Legislation to Protect Online Users”](https://energycommerce.house.gov/committee-activity/hearings/hearing-on-holding-big-tech-accountable-legislation-to-protect-online)</cite></ins>
   - Petal, for Russian users only.
 
 - [Mojeek](https://www.mojeek.com/): Seems privacy-oriented with a large index containing billions of pages. Quality isn't at GBY's level, but it’s not bad either. If I had to use Mojeek as my default general search engine, I'd live. Partially powers [eTools.ch](https://www.etools.ch/). At this moment, _I think that Mojeek is the best alternative to GBY_ for general search.

layouts/index.html

@@ -2,6 +2,7 @@
 <main>
 <h1 id="h1" tabindex="-1">Seirdy’s Home</h1>
 <p itemprop="description">{{ .Site.Params.Description }}</p>
+<hr />
 <div class="narrow">
 {{ partial "processed-content.html" . }}
 {{ partial "posts.html" . }}

layouts/partials/full-article.html

@@ -4,8 +4,8 @@
 	{{- if not .Params.disableMeta -}}
 	{{- partial "post-meta.html" . -}}
 	{{- end -}}
-	<hr />
 </header>
+<hr />
 <div class="e-content entry-content" itemprop="articleBody">
 	<meta itemprop="author" content="Rohan Kumar" />
 	<!--That was needed bc some reading modes get confused by other authors referenced in the text-->

layouts/partials/webmentions.html

@@ -27,7 +27,7 @@
 						{{- $title = $title | replaceRE `^@Seirdy@pleroma.envs.net(\n| )?` "" -}}
 						{{- /* Mastodon webmentions may include the author in the title followed by a colon; this is redundant. */ -}}
 						{{- if and (isset $webmention "author_name") (findRE `@` $webmention.source) (not (findRE "^https://bridg.gy" $webmention.source)) -}}
-							{{ $title = $title | replaceRE `^[^:]{0,20}: ?` "" }}
+							{{ $title = $title | replaceRE `^[^:]{0,20}: ?` "" | replaceRE `^"@Seirdy@pleroma.envs.net ?` `"` }}
 						{{- end -}}
 					{{- end -}}
 					{{- if and ($hasContent) (gt (countrunes $webmention.title) 128) -}}

linter-configs/budget.json

@@ -31,18 +31,22 @@
 			},
 			{
 				"resourceType": "document",
-				"budget": 60
+				"budget": 75
 			},
 			{
 				"resourceType": "image",
-				"budget": 35
+				"budget": 50 
 			},
 			{
 				"resourceType": "stylesheet",
-				"budget": 1
+				"budget": 3
 			}
 		],
 		"resourceCounts": [
+			{
+				"resourceType": "stylesheet",
+				"budget": 1
+			},
 			{
 				"resourceType": "script",
 				"budget": 0