1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-23 21:02:09 +00:00

Compare commits

...

3 commits

Author SHA1 Message Date
Rohan Kumar
4b4d4ef347
Introduce tier-1 2023-09-13 19:21:38 -07:00
Rohan Kumar
6b0da8c26d
Picture shortcode: jpeg support 2023-09-08 10:59:34 -07:00
Rohan Kumar
658b174964
Uses page: Fedora version, Toolbox 2023-09-08 10:58:38 -07:00
4 changed files with 77 additions and 54 deletions

View file

@ -6,7 +6,7 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
## Environment
* OS: Fedora 36
* OS: Fedora, latest stable release.
* Wayland compositor: Sway
* Shell: zsh (interactive), dash (non-interactive/shell-scripts)
* Terminal Emulator: Foot. Sometimes gnome-terminal when I'm using a screen reader.
@ -16,18 +16,22 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
* `$EDITOR`: Neovim
* Browser: Firefox for most pages, Chromium for apps, NetSurf when I'm low on battery.
* Coreutils alternatives: ripgrep, sd (better multiline regexes than sed), fd
* Music player: mpd, along with my mpd scripts
* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
* Session manager: tmux (I don't use it for tiling, Sway handles that)
* IRC client: WeeChat. Might use senpai eventually, if I can get it to play well with espeak-ng.
* News: Newsboat. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports WebSub.
* Containers: Toolbox: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
* Screen reader: Orca
=> https://sr.ht/~seirdy/mpd-scripts/ mpd-scripts page
=> https://github.com/po5/mpv_sponsorblock mpv_sponsorblock
=> https://sr.ht/~taiite/senpai/ senpai
## Multimedia
* Music player: mpd, along with my mpd scripts
* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
## Mail:
* Mail fetcher: mbsync

View file

@ -8,17 +8,15 @@ date: "2022-06-16T17:16:18-07:00"
---
Here's the software I use. I've recently started to reduce my use of <abbr title="Textual User Interfaces">TUIs</abbr> in favor of <abbr title="Command Line Interfaces">CLIs</abbr> for a variety of reasons. When possible, I try to use lightweight programs that can run on any machine, from a single-board computer to a giant desktop. I don't ever want to feel like I need to upgrade my hardware to do the same tasks as before: hardware upgrades should only be justified by my use-cases significantly changing, existing hardware being broken beyond repair, or upstream abandonment of security patches.[^1]
Hardware
--------
## Hardware
My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300U CPU (Haswell), with simultaneous multithreading disabled.
Environment
-----------
## Environment
Fedora 36
: Primary OS. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
Fedora
: Primary OS, latest stable version. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
Sway
: Dynamic Wayland compositor that focuses on tiling window management but also supports tabbed and stacking layouts.
@ -32,8 +30,7 @@ DASH
Foot
: Primary terminal emulator. Sometimes I use gnome-terminal when I'm using a screen reader.
Basic utilities
---------------
## Basic utilities
Neovim
@ -48,6 +45,24 @@ ripgrep
[fd](https://github.com/sharkdp/fd)
: Better parallel execution than `find -exec`. I still use `find` in many situations, though.
Tmux
: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
WeeChat
: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
Newsboat
: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub](https://websub.net/draft).
Toolbox
: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
Orca
: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
## Multimedia
mpd
: My music player daemon, paired with [my mpd scripts](https://sr.ht/~seirdy/mpd-scripts/) and [mpd-mpris](https://github.com/natsukagami/mpd-mpris).
@ -58,20 +73,7 @@ mpv
[swayimg](https://github.com/artemsen/swayimg)
: Secondary image viewer; grabs window dimensions from the currently-focused window in Sway.
Tmux
: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
WeeChat
: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
Newsboat
: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub.](https://websub.net/draft)
Orca
: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
Browsers
--------
## Browsers
I always disable JavaScript and <abbr title="Just-In-Time">JIT</abbr>-compilation unless it's absolutely required.
@ -88,8 +90,7 @@ Tor Browser
NetSurf
: When I'm low on battery or want to experiment a bit.
Mail
----
## Mail
Email sucks but it's the only lightweight, open, federated protocol for subject-delimited threaded discussions that meets my needs. It also makes working with open-source projects easier: it gives me one place to look for patches and issues so I don't have to open GitHub, Codeberg, GitLab, Sourcehut, etc. in different tabs and check each one.[^2]
@ -104,13 +105,12 @@ msmtp
: Routine tasks, displaying my inbox or list threads, reading email, organizing my messages
Neomutt
: My mail user agent, for the tasks that mbsync isn't good for (e.g. manual organization)
: My mail user agent, for the tasks that mblaze isn't good for (e.g. manual organization)
[w3m-sandbox](https://git.sr.ht/~seirdy/bwrap-scripts/tree/trunk/item/w3m-sandbox)
: Displays HTML mail in a sandboxed environment. Networking and most filesystem access are disabled; using its full unrestricted functionality will involve syscalls I forbid with seccomp and crash the program.
Networking and penetration testing
----------------------------------
## Networking and penetration testing
Every administrator needs some tools to test their servers.
@ -136,8 +136,7 @@ Every administrator needs some tools to test their servers.
[ssh-audit](https://github.com/jtesta/ssh-audit)
: I check my SSH config against [this SSH policy](../ssh-policy.txt). It's based on the GrapheneOS infrastructure's SSH configs.
Other tools
-----------
## Other tools
Everyday utilities I can't live without:
@ -186,8 +185,7 @@ bmake
<a href="https://github.com/yt-dlp" id="yt-dlp">yt-dlp</a>
: Download videos from hundreds of different sites, including YouTube. Integrates with external downloaders like aria2 and downloads DASH chunks in parallel to max out your connection speed. yt-dlp also integrates with Sponsorblock to add skippable chapters for the segments I'd otherwise have to manually skip (sponsored content, subscription-begging, an ending segment featuring other videos, and other useless bullshit). I've forgotten what it's like to watch a video ad.
This website
------------
## This website
I use multiple aforementioned tools (Neovim, bmake, sd, etc.) for routine tasks when building seirdy.one.
@ -273,7 +271,7 @@ All my server daemons are statically-linked binaries, which makes sandboxing eas
Nginx
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle *easily*), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle _easily_), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
[certbot-ocsp-fetcher](https://github.com/tomwassenberg/certbot-ocsp-fetcher)
: Shell script to manage the OCSP cache for Nginx, since Nginx's own implementation shouldn't be used without running a trusted resolver (and is completely non-existent if you build with BoringSSL).
@ -293,8 +291,7 @@ Agate
[Conduit](https://conduit.rs/)
: Faster and more lightweight Matrix server in a single binary.
Services
--------
## Services
I generally try to limit my dependence on services, preferring to run software myself. I do make a few compromises.
@ -314,8 +311,7 @@ I generally try to limit my dependence on services, preferring to run software m
[Search My Site](https://searchmysite.net/)
: I already pay for it; I might as well use it! Its API powers the site's search functionality, with searches proxied through a tiny Go wrapper on my backend.
What I don't use
----------------
## What I don't use
These are tools that I don't use, or avoid using.

View file

@ -15,16 +15,18 @@ sitemap:
---
I moderate the "pleroma.envs.net" Akkoma instance on the Fediverse, as <a href="https://pleroma.envs.net/users/Seirdy" rel="me">@Seirdy@pleroma.envs.net</a>.
I maintain three main blocklists for the Fediverse:
I maintain four main blocklists for the Fediverse:
[The `pleroma.envs.net` blocklist](https://seirdy.one/pb/pleroma.envs.net.csv)
: A large list of instances that I find worth suspending. After the first couple hundred entries (imported and then reviewed), I started collecting receipts. Since early 2023, every entry has documented reasons and receipts. I share these with multiple people in a collaborative document, but I don't share it publicly due to risk of harassment. Unlike the other two lists on this page, it wasn't made for general use (though you're welcome to use it as reference).
: A large list of instances that I find worth suspending. After the first couple hundred entries (imported and then reviewed), I started collecting receipts. Since early 2023, every entry has documented reasons and receipts. I share these with multiple people in a collaborative document, but I don't share it publicly due to risk of harassment.
Unlike the other two lists on this page, **it wasn't made for general use** (though you're welcome to use it as reference, or as one of many sources for a consensus-based list with a minimum severity level).
[`tier0.csv`](https://seirdy.one/pb/tier0.csv)
: A much smaller semi-curated subset of `pleroma.envs.net` suitable for the majority of instances wishing to uphold the Mastodon Covenant's moderation standards. I hope to make it a good starting point for your instance's blocklist, with wiggle room for your own adjustments. I encourage you to add and remove entries as you see fit. Regularly importing `tier0.csv` won't account for retractions; [a sibling blocklist for tier-0 retractions](https://seirdy.one/pb/tier0-retractions.csv) exists for [FediBlockHole](https://github.com/eigenmagic/fediblockhole) users.
: A much smaller semi-curated subset of `pleroma.envs.net` suitable for the majority of instances wishing to uphold the Mastodon Covenant's moderation standards, though somewhat heavy-handed. I hope to make it a good **starting point** for your instance's blocklist, with wiggle room for your own adjustments. I encourage you to add and remove entries as you see fit. Regularly importing `tier0.csv` won't account for retractions; [a sibling blocklist for tier-0 retractions](https://seirdy.one/pb/tier0-retractions.csv) exists for [FediBlockHole](https://github.com/eigenmagic/fediblockhole) users.
Note that **this list is larger than the bare-minimum I recommend;** that'd be FediNuke. If you're skeptical of imported blocklists, you should start there.
Note that **this list is larger than the bare-minimum I recommend.** the bare-minimum is FediNuke. If you're skeptical of imported blocklists, you should start there. If you run an instance for many others: please do not blindly import this list unless you intend to review its entries.
[`FediNuke.txt`](https://seirdy.one/pb/FediNuke.txt)
: A curated subset of `tier0.csv`, containing what I deem the "worse half" of it. This contains instances I really do recommend most people block, or at least avoid. I try to make it a suitable candidate for a "default blocklist", and use it as reference when I evaluate the quality of other blocklists.
@ -33,6 +35,9 @@ I maintain three main blocklists for the Fediverse:
Criteria are not set in stone. Instances well-known for causing significant problems for many other instances, particularly for instances run by and for marginalized groups, may be added.
[`tier1.csv`](https://seirdy.one/pb/tier1.csv)
: Identical to `tier0.csv`, except with the addition of some instances that I believe require an admin to make a more informed decision, or at least be aware of should they abstain from moderating. Either they are contentious entries or have detailed context I can't distill into a few pithy sentences like other entries.
All lists, just like all my content on seirdy.one, are CC-BY-SA licensed. Feel free to use them in your own projects accordingly.
This post is an attempt to document how they are made, their differences, their intended use, and especially their caveats. It also contains a work-in-progress list of receipts for instances in FediNuke and my Tier-0.
@ -662,6 +667,10 @@ wideboys.org
{{</ nofollow >}}
## Tier-1 entries, excluding Tier-0
This section hasn't been started yet. It'll be for entries that demand a lengthier explanation and/or a more informed, nuanced decision.
</details>
## Future

View file

@ -1,16 +1,30 @@
{{ $light_svg := resources.GetMatch (printf "/p/%s.svg" (.Get "name")) -}}
{{ $light_png := resources.GetMatch (printf "/p/%s.png" (.Get "name")) -}}
{{ $light_jpg := resources.GetMatch (printf "/p/%s.jpg" (.Get "name")) -}}
{{ $light_webp := resources.GetMatch (printf "/p/%s.webp" (.Get "name")) -}}
{{ $light_avif := resources.GetMatch (printf "/p/%s.avif" (.Get "name")) -}}
{{ $light_jxl := resources.GetMatch (printf "/p/%s.jxl" (.Get "name")) -}}
{{ $dark_svg := resources.GetMatch (printf "/p/%s_dark.svg" (.Get "name")) -}}
{{ $dark_png := resources.GetMatch (printf "/p/%s_dark.png" (.Get "name")) -}}
{{ $dark_jpg := resources.GetMatch (printf "/p/%s_dark.jpg" (.Get "name")) -}}
{{ $dark_webp := resources.GetMatch (printf "/p/%s_dark.webp" (.Get "name")) -}}
{{ $dark_avif := resources.GetMatch (printf "/p/%s_dark.avif" (.Get "name")) -}}
{{ $dark_jxl := resources.GetMatch (printf "/p/%s_dark.jxl" (.Get "name")) -}}
{{- $img_width := $light_png.Width -}}
{{- $img_height := $light_png.Height -}}
{{- $orig_img := $light_png -}}
{{- $orig_img_type := "image/png" -}}
{{- $orig_img_dark := $dark_png -}}
{{- $orig_img_dark_type := "image/png" -}}
{{- with $light_jpg -}}
{{- $orig_img_type = "image/jpeg" -}}
{{- $orig_img = $light_jpg -}}
{{- end -}}
{{- with $dark_jpg -}}
{{- $orig_img_dark_type = "image/jpeg" -}}
{{- $orig_img_dark = $dark_jpg -}}
{{- end -}}
{{- $img_width := $orig_img.Width -}}
{{- $img_height := $orig_img.Height -}}
{{- with (.Get "sf") -}}
{{- $img_width = (mul $img_width . | math.Round) -}}
{{- $img_height = (mul $img_height . | math.Round ) -}}
@ -46,11 +60,11 @@
type="image/webp"
media="screen and (prefers-color-scheme: dark)" />
{{ end -}}
{{ with $dark_png -}}
{{ $dark_png_src := . | resources.Fingerprint "md5" -}}
{{ with $orig_img_dark -}}
{{ $orig_dark_src := . | resources.Fingerprint "md5" -}}
<source
srcset="{{ $dark_png_src.RelPermalink }}"
type="image/png"
srcset="{{ $orig_dark_src.RelPermalink }}"
type="{{ $orig_img_dark_type }}"
media="screen and (prefers-color-scheme: dark)" />
{{ end -}}
{{- if not (in site.BaseURL ".onion") -}}
@ -79,13 +93,13 @@
srcset="{{ $light_webp_src.RelPermalink }}"
type="image/webp" />
{{ end -}}
{{ $light_png_src := $light_png | resources.Fingerprint "md5" -}}
{{ $orig_src := $orig_img | resources.Fingerprint "md5" -}}
<source
srcset="{{ $light_png_src.RelPermalink }}"
type="image/png" />
srcset="{{ $orig_src.RelPermalink }}"
type="{{ $orig_img_type }}" />
<img{{ with .Get "class" }} class="{{ . }}"{{ end }}
width="{{ $img_width }}" height="{{ $img_height }}"
src="{{ $light_png_src.Permalink }}" alt='{{ .Get "alt" }}'
src="{{ $orig_src.Permalink }}" alt='{{ .Get "alt" }}'
{{ with .Parent -}}
{{ if eq .Name "transcribed-image-figure" -}}
{{ with .Get "id" -}}