mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-23 21:02:09 +00:00
Compare commits
3 commits
a9dd691acb
...
4b4d4ef347
Author | SHA1 | Date | |
---|---|---|---|
|
4b4d4ef347 | ||
|
6b0da8c26d | ||
|
658b174964 |
4 changed files with 77 additions and 54 deletions
|
@ -6,7 +6,7 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
|
|||
|
||||
## Environment
|
||||
|
||||
* OS: Fedora 36
|
||||
* OS: Fedora, latest stable release.
|
||||
* Wayland compositor: Sway
|
||||
* Shell: zsh (interactive), dash (non-interactive/shell-scripts)
|
||||
* Terminal Emulator: Foot. Sometimes gnome-terminal when I'm using a screen reader.
|
||||
|
@ -16,18 +16,22 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
|
|||
* `$EDITOR`: Neovim
|
||||
* Browser: Firefox for most pages, Chromium for apps, NetSurf when I'm low on battery.
|
||||
* Coreutils alternatives: ripgrep, sd (better multiline regexes than sed), fd
|
||||
* Music player: mpd, along with my mpd scripts
|
||||
* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
|
||||
* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
|
||||
* Session manager: tmux (I don't use it for tiling, Sway handles that)
|
||||
* IRC client: WeeChat. Might use senpai eventually, if I can get it to play well with espeak-ng.
|
||||
* News: Newsboat. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports WebSub.
|
||||
* Containers: Toolbox: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
|
||||
* Screen reader: Orca
|
||||
|
||||
=> https://sr.ht/~seirdy/mpd-scripts/ mpd-scripts page
|
||||
=> https://github.com/po5/mpv_sponsorblock mpv_sponsorblock
|
||||
=> https://sr.ht/~taiite/senpai/ senpai
|
||||
|
||||
## Multimedia
|
||||
|
||||
* Music player: mpd, along with my mpd scripts
|
||||
* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
|
||||
* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
|
||||
|
||||
## Mail:
|
||||
|
||||
* Mail fetcher: mbsync
|
||||
|
|
|
@ -8,17 +8,15 @@ date: "2022-06-16T17:16:18-07:00"
|
|||
---
|
||||
Here's the software I use. I've recently started to reduce my use of <abbr title="Textual User Interfaces">TUIs</abbr> in favor of <abbr title="Command Line Interfaces">CLIs</abbr> for a variety of reasons. When possible, I try to use lightweight programs that can run on any machine, from a single-board computer to a giant desktop. I don't ever want to feel like I need to upgrade my hardware to do the same tasks as before: hardware upgrades should only be justified by my use-cases significantly changing, existing hardware being broken beyond repair, or upstream abandonment of security patches.[^1]
|
||||
|
||||
Hardware
|
||||
--------
|
||||
## Hardware
|
||||
|
||||
My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300U CPU (Haswell), with simultaneous multithreading disabled.
|
||||
|
||||
Environment
|
||||
-----------
|
||||
## Environment
|
||||
|
||||
|
||||
Fedora 36
|
||||
: Primary OS. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
|
||||
Fedora
|
||||
: Primary OS, latest stable version. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
|
||||
|
||||
Sway
|
||||
: Dynamic Wayland compositor that focuses on tiling window management but also supports tabbed and stacking layouts.
|
||||
|
@ -32,8 +30,7 @@ DASH
|
|||
Foot
|
||||
: Primary terminal emulator. Sometimes I use gnome-terminal when I'm using a screen reader.
|
||||
|
||||
Basic utilities
|
||||
---------------
|
||||
## Basic utilities
|
||||
|
||||
|
||||
Neovim
|
||||
|
@ -48,6 +45,24 @@ ripgrep
|
|||
[fd](https://github.com/sharkdp/fd)
|
||||
: Better parallel execution than `find -exec`. I still use `find` in many situations, though.
|
||||
|
||||
Tmux
|
||||
: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
|
||||
|
||||
WeeChat
|
||||
: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
|
||||
|
||||
Newsboat
|
||||
: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub](https://websub.net/draft).
|
||||
|
||||
Toolbox
|
||||
: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
|
||||
|
||||
Orca
|
||||
: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
|
||||
|
||||
## Multimedia
|
||||
|
||||
|
||||
mpd
|
||||
: My music player daemon, paired with [my mpd scripts](https://sr.ht/~seirdy/mpd-scripts/) and [mpd-mpris](https://github.com/natsukagami/mpd-mpris).
|
||||
|
||||
|
@ -58,20 +73,7 @@ mpv
|
|||
[swayimg](https://github.com/artemsen/swayimg)
|
||||
: Secondary image viewer; grabs window dimensions from the currently-focused window in Sway.
|
||||
|
||||
Tmux
|
||||
: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
|
||||
|
||||
WeeChat
|
||||
: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
|
||||
|
||||
Newsboat
|
||||
: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub.](https://websub.net/draft)
|
||||
|
||||
Orca
|
||||
: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
|
||||
|
||||
Browsers
|
||||
--------
|
||||
## Browsers
|
||||
|
||||
I always disable JavaScript and <abbr title="Just-In-Time">JIT</abbr>-compilation unless it's absolutely required.
|
||||
|
||||
|
@ -88,8 +90,7 @@ Tor Browser
|
|||
NetSurf
|
||||
: When I'm low on battery or want to experiment a bit.
|
||||
|
||||
Mail
|
||||
----
|
||||
## Mail
|
||||
|
||||
Email sucks but it's the only lightweight, open, federated protocol for subject-delimited threaded discussions that meets my needs. It also makes working with open-source projects easier: it gives me one place to look for patches and issues so I don't have to open GitHub, Codeberg, GitLab, Sourcehut, etc. in different tabs and check each one.[^2]
|
||||
|
||||
|
@ -104,13 +105,12 @@ msmtp
|
|||
: Routine tasks, displaying my inbox or list threads, reading email, organizing my messages
|
||||
|
||||
Neomutt
|
||||
: My mail user agent, for the tasks that mbsync isn't good for (e.g. manual organization)
|
||||
: My mail user agent, for the tasks that mblaze isn't good for (e.g. manual organization)
|
||||
|
||||
[w3m-sandbox](https://git.sr.ht/~seirdy/bwrap-scripts/tree/trunk/item/w3m-sandbox)
|
||||
: Displays HTML mail in a sandboxed environment. Networking and most filesystem access are disabled; using its full unrestricted functionality will involve syscalls I forbid with seccomp and crash the program.
|
||||
|
||||
Networking and penetration testing
|
||||
----------------------------------
|
||||
## Networking and penetration testing
|
||||
|
||||
Every administrator needs some tools to test their servers.
|
||||
|
||||
|
@ -136,8 +136,7 @@ Every administrator needs some tools to test their servers.
|
|||
[ssh-audit](https://github.com/jtesta/ssh-audit)
|
||||
: I check my SSH config against [this SSH policy](../ssh-policy.txt). It's based on the GrapheneOS infrastructure's SSH configs.
|
||||
|
||||
Other tools
|
||||
-----------
|
||||
## Other tools
|
||||
|
||||
Everyday utilities I can't live without:
|
||||
|
||||
|
@ -186,8 +185,7 @@ bmake
|
|||
<a href="https://github.com/yt-dlp" id="yt-dlp">yt-dlp</a>
|
||||
: Download videos from hundreds of different sites, including YouTube. Integrates with external downloaders like aria2 and downloads DASH chunks in parallel to max out your connection speed. yt-dlp also integrates with Sponsorblock to add skippable chapters for the segments I'd otherwise have to manually skip (sponsored content, subscription-begging, an ending segment featuring other videos, and other useless bullshit). I've forgotten what it's like to watch a video ad.
|
||||
|
||||
This website
|
||||
------------
|
||||
## This website
|
||||
|
||||
I use multiple aforementioned tools (Neovim, bmake, sd, etc.) for routine tasks when building seirdy.one.
|
||||
|
||||
|
@ -273,7 +271,7 @@ All my server daemons are statically-linked binaries, which makes sandboxing eas
|
|||
|
||||
|
||||
Nginx
|
||||
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle *easily*), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
|
||||
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle _easily_), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
|
||||
|
||||
[certbot-ocsp-fetcher](https://github.com/tomwassenberg/certbot-ocsp-fetcher)
|
||||
: Shell script to manage the OCSP cache for Nginx, since Nginx's own implementation shouldn't be used without running a trusted resolver (and is completely non-existent if you build with BoringSSL).
|
||||
|
@ -293,8 +291,7 @@ Agate
|
|||
[Conduit](https://conduit.rs/)
|
||||
: Faster and more lightweight Matrix server in a single binary.
|
||||
|
||||
Services
|
||||
--------
|
||||
## Services
|
||||
|
||||
I generally try to limit my dependence on services, preferring to run software myself. I do make a few compromises.
|
||||
|
||||
|
@ -314,8 +311,7 @@ I generally try to limit my dependence on services, preferring to run software m
|
|||
[Search My Site](https://searchmysite.net/)
|
||||
: I already pay for it; I might as well use it! Its API powers the site's search functionality, with searches proxied through a tiny Go wrapper on my backend.
|
||||
|
||||
What I don't use
|
||||
----------------
|
||||
## What I don't use
|
||||
|
||||
These are tools that I don't use, or avoid using.
|
||||
|
||||
|
|
|
@ -15,16 +15,18 @@ sitemap:
|
|||
---
|
||||
I moderate the "pleroma.envs.net" Akkoma instance on the Fediverse, as <a href="https://pleroma.envs.net/users/Seirdy" rel="me">@Seirdy@pleroma.envs.net</a>.
|
||||
|
||||
I maintain three main blocklists for the Fediverse:
|
||||
I maintain four main blocklists for the Fediverse:
|
||||
|
||||
|
||||
[The `pleroma.envs.net` blocklist](https://seirdy.one/pb/pleroma.envs.net.csv)
|
||||
: A large list of instances that I find worth suspending. After the first couple hundred entries (imported and then reviewed), I started collecting receipts. Since early 2023, every entry has documented reasons and receipts. I share these with multiple people in a collaborative document, but I don't share it publicly due to risk of harassment. Unlike the other two lists on this page, it wasn't made for general use (though you're welcome to use it as reference).
|
||||
: A large list of instances that I find worth suspending. After the first couple hundred entries (imported and then reviewed), I started collecting receipts. Since early 2023, every entry has documented reasons and receipts. I share these with multiple people in a collaborative document, but I don't share it publicly due to risk of harassment.
|
||||
|
||||
Unlike the other two lists on this page, **it wasn't made for general use** (though you're welcome to use it as reference, or as one of many sources for a consensus-based list with a minimum severity level).
|
||||
|
||||
[`tier0.csv`](https://seirdy.one/pb/tier0.csv)
|
||||
: A much smaller semi-curated subset of `pleroma.envs.net` suitable for the majority of instances wishing to uphold the Mastodon Covenant's moderation standards. I hope to make it a good starting point for your instance's blocklist, with wiggle room for your own adjustments. I encourage you to add and remove entries as you see fit. Regularly importing `tier0.csv` won't account for retractions; [a sibling blocklist for tier-0 retractions](https://seirdy.one/pb/tier0-retractions.csv) exists for [FediBlockHole](https://github.com/eigenmagic/fediblockhole) users.
|
||||
: A much smaller semi-curated subset of `pleroma.envs.net` suitable for the majority of instances wishing to uphold the Mastodon Covenant's moderation standards, though somewhat heavy-handed. I hope to make it a good **starting point** for your instance's blocklist, with wiggle room for your own adjustments. I encourage you to add and remove entries as you see fit. Regularly importing `tier0.csv` won't account for retractions; [a sibling blocklist for tier-0 retractions](https://seirdy.one/pb/tier0-retractions.csv) exists for [FediBlockHole](https://github.com/eigenmagic/fediblockhole) users.
|
||||
|
||||
Note that **this list is larger than the bare-minimum I recommend;** that'd be FediNuke. If you're skeptical of imported blocklists, you should start there.
|
||||
Note that **this list is larger than the bare-minimum I recommend.** the bare-minimum is FediNuke. If you're skeptical of imported blocklists, you should start there. If you run an instance for many others: please do not blindly import this list unless you intend to review its entries.
|
||||
|
||||
[`FediNuke.txt`](https://seirdy.one/pb/FediNuke.txt)
|
||||
: A curated subset of `tier0.csv`, containing what I deem the "worse half" of it. This contains instances I really do recommend most people block, or at least avoid. I try to make it a suitable candidate for a "default blocklist", and use it as reference when I evaluate the quality of other blocklists.
|
||||
|
@ -33,6 +35,9 @@ I maintain three main blocklists for the Fediverse:
|
|||
|
||||
Criteria are not set in stone. Instances well-known for causing significant problems for many other instances, particularly for instances run by and for marginalized groups, may be added.
|
||||
|
||||
[`tier1.csv`](https://seirdy.one/pb/tier1.csv)
|
||||
: Identical to `tier0.csv`, except with the addition of some instances that I believe require an admin to make a more informed decision, or at least be aware of should they abstain from moderating. Either they are contentious entries or have detailed context I can't distill into a few pithy sentences like other entries.
|
||||
|
||||
All lists, just like all my content on seirdy.one, are CC-BY-SA licensed. Feel free to use them in your own projects accordingly.
|
||||
|
||||
This post is an attempt to document how they are made, their differences, their intended use, and especially their caveats. It also contains a work-in-progress list of receipts for instances in FediNuke and my Tier-0.
|
||||
|
@ -662,6 +667,10 @@ wideboys.org
|
|||
|
||||
{{</ nofollow >}}
|
||||
|
||||
## Tier-1 entries, excluding Tier-0
|
||||
|
||||
This section hasn't been started yet. It'll be for entries that demand a lengthier explanation and/or a more informed, nuanced decision.
|
||||
|
||||
</details>
|
||||
|
||||
## Future
|
||||
|
|
|
@ -1,16 +1,30 @@
|
|||
{{ $light_svg := resources.GetMatch (printf "/p/%s.svg" (.Get "name")) -}}
|
||||
{{ $light_png := resources.GetMatch (printf "/p/%s.png" (.Get "name")) -}}
|
||||
{{ $light_jpg := resources.GetMatch (printf "/p/%s.jpg" (.Get "name")) -}}
|
||||
{{ $light_webp := resources.GetMatch (printf "/p/%s.webp" (.Get "name")) -}}
|
||||
{{ $light_avif := resources.GetMatch (printf "/p/%s.avif" (.Get "name")) -}}
|
||||
{{ $light_jxl := resources.GetMatch (printf "/p/%s.jxl" (.Get "name")) -}}
|
||||
{{ $dark_svg := resources.GetMatch (printf "/p/%s_dark.svg" (.Get "name")) -}}
|
||||
{{ $dark_png := resources.GetMatch (printf "/p/%s_dark.png" (.Get "name")) -}}
|
||||
{{ $dark_jpg := resources.GetMatch (printf "/p/%s_dark.jpg" (.Get "name")) -}}
|
||||
{{ $dark_webp := resources.GetMatch (printf "/p/%s_dark.webp" (.Get "name")) -}}
|
||||
{{ $dark_avif := resources.GetMatch (printf "/p/%s_dark.avif" (.Get "name")) -}}
|
||||
{{ $dark_jxl := resources.GetMatch (printf "/p/%s_dark.jxl" (.Get "name")) -}}
|
||||
|
||||
{{- $img_width := $light_png.Width -}}
|
||||
{{- $img_height := $light_png.Height -}}
|
||||
{{- $orig_img := $light_png -}}
|
||||
{{- $orig_img_type := "image/png" -}}
|
||||
{{- $orig_img_dark := $dark_png -}}
|
||||
{{- $orig_img_dark_type := "image/png" -}}
|
||||
{{- with $light_jpg -}}
|
||||
{{- $orig_img_type = "image/jpeg" -}}
|
||||
{{- $orig_img = $light_jpg -}}
|
||||
{{- end -}}
|
||||
{{- with $dark_jpg -}}
|
||||
{{- $orig_img_dark_type = "image/jpeg" -}}
|
||||
{{- $orig_img_dark = $dark_jpg -}}
|
||||
{{- end -}}
|
||||
{{- $img_width := $orig_img.Width -}}
|
||||
{{- $img_height := $orig_img.Height -}}
|
||||
{{- with (.Get "sf") -}}
|
||||
{{- $img_width = (mul $img_width . | math.Round) -}}
|
||||
{{- $img_height = (mul $img_height . | math.Round ) -}}
|
||||
|
@ -46,11 +60,11 @@
|
|||
type="image/webp"
|
||||
media="screen and (prefers-color-scheme: dark)" />
|
||||
{{ end -}}
|
||||
{{ with $dark_png -}}
|
||||
{{ $dark_png_src := . | resources.Fingerprint "md5" -}}
|
||||
{{ with $orig_img_dark -}}
|
||||
{{ $orig_dark_src := . | resources.Fingerprint "md5" -}}
|
||||
<source
|
||||
srcset="{{ $dark_png_src.RelPermalink }}"
|
||||
type="image/png"
|
||||
srcset="{{ $orig_dark_src.RelPermalink }}"
|
||||
type="{{ $orig_img_dark_type }}"
|
||||
media="screen and (prefers-color-scheme: dark)" />
|
||||
{{ end -}}
|
||||
{{- if not (in site.BaseURL ".onion") -}}
|
||||
|
@ -79,13 +93,13 @@
|
|||
srcset="{{ $light_webp_src.RelPermalink }}"
|
||||
type="image/webp" />
|
||||
{{ end -}}
|
||||
{{ $light_png_src := $light_png | resources.Fingerprint "md5" -}}
|
||||
{{ $orig_src := $orig_img | resources.Fingerprint "md5" -}}
|
||||
<source
|
||||
srcset="{{ $light_png_src.RelPermalink }}"
|
||||
type="image/png" />
|
||||
srcset="{{ $orig_src.RelPermalink }}"
|
||||
type="{{ $orig_img_type }}" />
|
||||
<img{{ with .Get "class" }} class="{{ . }}"{{ end }}
|
||||
width="{{ $img_width }}" height="{{ $img_height }}"
|
||||
src="{{ $light_png_src.Permalink }}" alt='{{ .Get "alt" }}'
|
||||
src="{{ $orig_src.Permalink }}" alt='{{ .Get "alt" }}'
|
||||
{{ with .Parent -}}
|
||||
{{ if eq .Name "transcribed-image-figure" -}}
|
||||
{{ with .Get "id" -}}
|
||||
|
|
Loading…
Reference in a new issue