mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-09 16:02:10 +00:00
Compare commits
2 commits
b59ffb2a39
...
2397a90055
Author | SHA1 | Date | |
---|---|---|---|
|
2397a90055 | ||
|
ab4b9acf0a |
11 changed files with 19 additions and 21 deletions
4
Makefile
|
@ -73,13 +73,13 @@ validate-html:
|
|||
htmlproofer:
|
||||
htmlproofer $(OUTPUT_DIR) --disable-external --checks Images,Scripts,Favicon,OpenGraph --ignore-files $(OUTPUT_DIR)/search/index.html --ignore-urls '../music.txt'
|
||||
|
||||
linter-configs/htmltest.yml:
|
||||
linter-configs/htmltest/refcache.json:
|
||||
rsync $(RSYNCFLAGS) $(RSYNCFLAGS_EXTRA) deploy@seirdy.one:/home/deploy/refcache.json linter-configs/htmltest/refcache.json
|
||||
|
||||
# basic checks for generated HTML and broken links. Persist the broken
|
||||
# link cache remotely so we can run this in CI.
|
||||
.PHONY: htmltest
|
||||
htmltest: linter-configs/htmltest.yml
|
||||
htmltest: linter-configs/htmltest/refcache.json
|
||||
htmltest -c linter-configs/htmltest.yml $(OUTPUT_DIR)
|
||||
rsync $(RSYNCFLAGS) $(RSYNCFLAGS_EXTRA) linter-configs/htmltest/refcache.json deploy@seirdy.one:/home/deploy/refcache.json
|
||||
|
||||
|
|
|
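Review bot: The `linter-configs/htmltest/refcache.json:` rule has no prerequisites, so make runs its download `rsync` only when that file does not exist locally. On a machine that already has a copy, `htmltest` runs against the local cache and the second `rsync` then uploads it over `/home/deploy/refcache.json`, which can replace a fresher remote cache. Consider a separate phony fetch target as the prerequisite of `htmltest`, so the download runs on every invocation.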
@ -5,7 +5,7 @@ replyURI: "https://vulpine.club/@KitRedgrave/108682844888729785"
|
|||
replyTitle: "Thread on concerns about DoH in Android"
|
||||
replyType: "SocialMediaPosting"
|
||||
replyAuthor: "vx. redgrave"
|
||||
replyAuthorURI: "https://vulpine.club/@KitRedgrave"
|
||||
replyAuthorURI: "https://firefish.kitredgrave.net/@kit"
|
||||
---
|
||||
IMO: the main benefit of DNS-over-HTTPS (DoH) is that it's a stepping stone to [Oblivious DNS over HTTPS (RFC 9230)](https://www.rfc-editor.org/rfc/rfc9230.html).
|
||||
|
||||
|
|
|
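Review bot: `replyURI` (visible in the hunk header) still points at `https://vulpine.club/@KitRedgrave/108682844888729785`, while the changed `replyAuthorURI` line moves the author off that host. If the profile link was updated because the old host stopped resolving, the reply target needs the same treatment, either the post's new permalink or an archived copy. Otherwise the page links to a live author and a dead post.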
@ -6,7 +6,7 @@ replyURI: "https://web.archive.org/web/20230422173223/https://snowdin.town/notic
|
|||
replyTitle: "self-signatures should have been treated as something normal"
|
||||
replyType: "SocialMediaPosting"
|
||||
replyAuthor: "Luna Saphira Dragofelis"
|
||||
replyAuthorURI: "https://buff.tomboyfan.club/users/LunaDragofelis"
|
||||
replyAuthorURI: "https://pleroma.envs.net/users/Ae1AG6egkhnq6UN1XM"
|
||||
---
|
||||
> in my opinion, self-signatures should have been treated as something normal, with a warning only triggered if the site has been visited before and the signing key has changed
|
||||
|
||||
|
|
|
@ -9,4 +9,4 @@ A good smoke test to see if rainbow-flag/BLM-repping organizations actually give
|
|||
|
||||
They don't care about minorities; they're only in if for the branding. When a soulless organization uses your symbols, it remains soulless.
|
||||
|
||||
Soulless organizations don't have good or evil intent. {{<mention-work itemtype="VideoObject">}}{{<indieweb-person itemprop="author" first-name="Bryan" last-name="Cantrill" url="http://dtrace.org/blogs/bmc/">}} put this best in his talk {{<cited-work name="Fork Yeah! The Rise and Development of Illumnos" url="https://www.youtube.com/watch?v=-zRN7XLCRhc&t=38m30s">}} (starts at <time datetime="PT38M30S" itemprop="startTime">00:38:30</time>).{{</mention-work>}}
|
||||
Soulless organizations don't have good or evil intent. {{<mention-work itemtype="VideoObject">}}{{<indieweb-person itemprop="author" first-name="Bryan" last-name="Cantrill" url="https://bcantrill.dtrace.org/">}} put this best in his talk {{<cited-work name="Fork Yeah! The Rise and Development of Illumnos" url="https://www.youtube.com/watch?v=-zRN7XLCRhc&t=38m30s">}} (starts at <time datetime="PT38M30S" itemprop="startTime">00:38:30</time>).{{</mention-work>}}
|
||||
|
|
|
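Review bot: The `cited-work` name on the changed line reads "The Rise and Development of Illumnos", but the project is spelled illumos. Since this line is being touched anyway, fix the title in the same commit. The context line above it also has "only in if for the branding", which should read "in it".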
@ -155,7 +155,7 @@ I had reason to be comfortable with the personal nature of this blocklist. This
|
|||
|
||||
Unfortunately, the situation was different for Oliphant's unified-max blocklist. Several entries made that list for personal reasons. I focused too much on my `tier0.csv` and failed to notice that anything was off with Oliphant's lists, even though I bore much responsibility for this blunder.
|
||||
|
||||
{{<indieweb-person name="Tyr" url="https://pettingzoo.co/@tyr" itemprop="mentions">}} from pettingzoo.co [raised important issues in a thread](https://pettingzoo.co/@tyr/110289010380366104) after noticing his instance's inclusion in the unified-max blocklist. He pointed out that offering a unified-max list containing these blocks is a form of homophobia: it risks hurting sex-positive queer spaces. Simply claiming that the unified-max list isn't intended to be imported isn't enough; there's a real risk that future admins may import it without reading the documentation. I recommend giving the thread a read.
|
||||
{{<indieweb-person name="Tyr" url="https://arf.gay/" itemprop="mentions">}} from pettingzoo.co raised important issues in a now-deleted thread after noticing his instance's inclusion in the unified-max blocklist. He pointed out that offering a unified-max list containing these blocks is a form of homophobia: it risks hurting sex-positive queer spaces. Simply claiming that the unified-max list isn't intended to be imported isn't enough; there's a real risk that future admins may import it without reading the documentation. I recommend giving the thread a read.
|
||||
|
||||
Oliphant got understandable push-back for this issue in his blocklists, but it's not fair for all of the criticism to be directed at him and none at me. Many small mistakes from multiple people, including me, cascaded into one big failure.
|
||||
|
||||
|
|
|
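Review bot: The paragraph that now calls the thread "now-deleted" still ends with "I recommend giving the thread a read.", and the link to it has been dropped, so readers are pointed at something they cannot open. Either remove that closing sentence or link an archived copy if one exists. The text also still says "from pettingzoo.co" while the `indieweb-person` URL now points to `https://arf.gay/`; confirm that the instance attribution is meant to stay as written.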
@ -144,7 +144,7 @@ Simply monitoring network activity and systematically testing all claims made by
|
|||
|
||||
This is where some binary analysis comes in. Neither of Skochinsky's linked presentations seem to enumerate any contradictions with official Intel documentation. Unfortunately, some components are poorly understood due to being obfuscated using Huffman compression with unknown dictionaries:
|
||||
|
||||
=> http://io.netgarage.org/me/ Intel ME Huffman algorithm
|
||||
=> https://io.netgarage.org/me/ Intel ME Huffman algorithm
|
||||
|
||||
Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
|
||||
|
||||
|
|
|
@ -148,7 +148,7 @@ Simply monitoring network activity and systematically testing all claims made by
|
|||
|
||||
This is where some binary analysis comes in. Neither Skochinsky's [ME Secrets](https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf) presentation nor <cite>Intel Me: Myths and Reality</cite> seem to enumerate any contradictions with [official Intel documentation](https://link.springer.com/book/10.1007/978-1-4302-6572-6).
|
||||
|
||||
Unfortunately, some components are poorly understood due to being obfuscated using [Huffman compression with unknown dictionaries](http://io.netgarage.org/me/). Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
|
||||
Unfortunately, some components are poorly understood due to being obfuscated using [Huffman compression with unknown dictionaries](https://io.netgarage.org/me/). Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
|
||||
|
||||
Skochinsky's and Corna's analysis was sufficient to clarify (but not completely contradict) sensationalism claiming that ME can remotely lock any PC (it was a former opt-in feature), can spy on anything the user does (they clarified that access is limited to unblocked parts of the host memory and the integrated GPU, but doesn't include e.g. the framebuffer), etc.
|
||||
|
||||
|
|
|
@ -995,7 +995,7 @@ Some image optimization tools I use:
|
|||
: Offers more advanced dithering options than gifsicle and pngquant.
|
||||
|
||||
[`oxipng`](https://github.com/shssoichiro/oxipng)
|
||||
: Lossless PNG compression. It's like a parallelized version of [OptiPNG](http://optipng.sourceforge.net/) that also supports an implementation of [ZopfliPNG](https://github.com/google/zopfli/blob/831773bc28e318b91a3255fa12c9fcde1606058b/README.zopflipng) compression
|
||||
: Lossless PNG compression. It's like a parallelized version of [OptiPNG](https://optipng.sourceforge.net/) that also supports an implementation of [ZopfliPNG](https://github.com/google/zopfli/blob/831773bc28e318b91a3255fa12c9fcde1606058b/README.zopflipng) compression
|
||||
|
||||
[`jpegoptim`](https://github.com/tjko/jpegoptim)
|
||||
: Lossless or lossy JPEG compression. Note that JPEG is an inherently lossy format; the lossless features of `jpegoptim` only shrink the size of existing JPEG files by removing unnecessary metadata.
|
||||
|
|
|
@ -43,3 +43,10 @@ https://sparkly.uni.horse/@emily/109224061809444742,https://web.archive.org/web/
|
|||
https://polarhive.ml/blog/messengers/,https://polarhive.net/blog/messengers/
|
||||
https://itnan.ru/post.php?c=1&p=552844,https://web.archive.org/web/20221219060315/https://itnan.ru/post.php?c=1&p=552844#22936344
|
||||
https://news.elias.sh/posts/05-2021/,https://web.archive.org/web/20221219060306/https://news.elias.sh/posts/05-2021/
|
||||
https://brid.gy/comment/mastodon/@seirdy@pleroma.envs.net/AQs97KWObcsL5o0flw/AQsCYKp7tGdFi8L6Q4,https://web.archive.org/web/20221224182745/https://a11y.info/@todd/109558756036481191
|
||||
https://brid.gy/comment/mastodon/@seirdy@pleroma.envs.net/AQs97KWObcsL5o0flw/AQsCj9oz8YDQm0QxrE,https://web.archive.org/web/20230124183651/https://a11y.info/@todd/109558763701454605
|
||||
https://brid.gy/comment/reddit/Seirdy/k0dmpj/gdjjtif,https://brid.gy/comment/reddit/seirdy/k0dmpj/gdjjtif
|
||||
https://brid.gy/comment/reddit/Seirdy/l921u4/glhc3vj,https://brid.gy/comment/reddit/seirdy/l921u4/glhc3vj
|
||||
https://brid.gy/post/reddit/Seirdy/k0a2k3,https://brid.gy/post/reddit/seirdy/k0a2k3
|
||||
https://forum.kuketz-blog.de/viewtopic.php?p=78202,https://archive.today/2022.09.26-213559/https://forum.kuketz-blog.de/viewtopic.php?p=78202
|
||||
https://devin.masto.host/@devinprater/108384703012524116,https://web.archive.org/web/20221124225201/https://devin.masto.host/@devinprater/108384703012524116
|
||||
|
|
|
|
@ -6,7 +6,7 @@ CSS,https://webri.ng/webring/cssjoy/previous?via=https://seirdy.one/,https://cs.
|
|||
no ai,https://baccyflap.com/noai/?prv&s=srd,https://baccyflap.com/noai,https://baccyflap.com/noai/?nxt&s=srd,https://baccyflap.com/noai/?rnd
|
||||
TheOldNet,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/previous/navigate,https://webring.theoldnet.com/,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/next/navigate,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/random/navigate
|
||||
geekring,https://geekring.net/site/167/previous,https://geekring.net/,https://geekring.net/site/167/next,https://geekring.net/site/167/random
|
||||
Loop (JS),https://loop.graycot.dev/webring.html?action=prev,https://docs.graycot.dev/s/MFowZsw_F,https://loop.graycot.dev/webring.html?action=next,https://loop.graycot.dev/webring.html?action=rand
|
||||
Loop (JS),https://loop.graycot.dev/webring.html?action=prev,https://github.com/Graycot/loop-ring/blob/master/README.md,https://loop.graycot.dev/webring.html?action=next,https://loop.graycot.dev/webring.html?action=rand
|
||||
Retronaut,https://webring.dinhe.net/prev/https://seirdy.one/,https://webring.dinhe.net/,https://webring.dinhe.net/next/https://seirdy.one/,null
|
||||
Hotline,https://hotlinewebring.club/seirdy/previous,https://hotlinewebring.club,https://hotlinewebring.club/seirdy/next,null
|
||||
Bucket (JS),https://webring.bucketfish.me/redirect.html?to=prev&name=seirdy,https://webring.bucketfish.me/,https://webring.bucketfish.me/redirect.html?to=next&name=seirdy,null
|
||||
|
|
|
|
@ -1,7 +1,7 @@
|
|||
DirectoryPath: "public"
|
||||
IgnoreDirs:
|
||||
- "search"
|
||||
CacheExpires: "120h" # 1 day
|
||||
CacheExpires: "120h" # 5 days
|
||||
CheckFavicon: true
|
||||
EnforceHTML5: true
|
||||
IgnoreAltMissing: false
|
||||
|
@ -14,15 +14,11 @@ IgnoreHTTPS:
|
|||
- "http://localhost:"
|
||||
- "http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion"
|
||||
- "http://bettermotherfuckingwebsite.com/"
|
||||
- "http://dtrace.org/"
|
||||
- "http://www.wall.org/~larry/"
|
||||
- "http://herpolhode.com/"
|
||||
- "http://io.netgarage.org/me/"
|
||||
- "http://linter.structured-data.org/"
|
||||
- "http://optipng.sourceforge.net/"
|
||||
- "http://renaissancechambara.jp/"
|
||||
- "http://techrights.org/"
|
||||
- "http://www.nathanmyhrvold.com/"
|
||||
- "http://www.tuxmachines.org/"
|
||||
- "http://xmlns.com/"
|
||||
- "http://nerdlistings.info/"
|
||||
|
@ -45,25 +41,20 @@ IgnoreURLs:
|
|||
# - "https://seirdy.one/.well-known/webfinger?resource=acct%3Aseirdy%40seirdy.one"
|
||||
- "https://seirdy.one/.well-known/webfinger" # inexplicable false positive
|
||||
- "https://strugee.net/" # refuses connection
|
||||
- "https://www.moonshot.forbiddenl0ve.net/index.php" # cert mismatch false positive
|
||||
# - "https://forum.palemoon.org/viewtopic.php?f=1&t=25473" # manual check: blocks crawlers
|
||||
- "https://forum.palemoon.org/viewtopic.php"
|
||||
- "https://queue.acm.org/detail" # manual check: blocks crawlers
|
||||
- "https://plausible.io/blog/google-floc#" # manual check: I block this domain
|
||||
# - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830173" # manual check: 400 for some reason, using curl works fine.
|
||||
- "https://bugs.debian.org/cgi-bin/bugreport.cgi"
|
||||
- "https://www.science.org/content/blog-post/deliberately-optimizing-harm" # http 413, browser works fine.
|
||||
# - "https://forum.kuketz-blog.de/viewtopic.php?p=78202" # manual check: blocks crawlers
|
||||
- "https://forum.kuketz-blog.de/viewtopic.php"
|
||||
- "https://web.archive.org/" # the wayback machine itself.
|
||||
- "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/"
|
||||
- "https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm.id=ffdf" # Seems to block htmltest; check manually
|
||||
- "https://lnk.dk" # blocks htmltest
|
||||
- "https://www.fastcompany.com/90759792/with-google-dominating-search-the-internet-needs-crawl-neutrality" # blocks htmltest
|
||||
- "https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy" # my DNS filters block this domain, cbf to work around it just for htmltest
|
||||
- "https://doi.org/10.1515/popets-2017-0023" # redirects to a different domain which tends to block requests. DOI is generally good about keeping links alive; it's kinda the point of the service.
|
||||
- "https://docs.graycot.dev/s/MFowZsw_F" # DNSSEC issue
|
||||
# user has opted out of archiving
|
||||
- "https://herd.bovid.space/@garbados"
|
||||
- "https://make.wordpress.org/accessibility/handbook/markup/infinite-scroll/"
|
||||
- "https://www.reddit.com/user/Seirdy/" # reddit blocks htmltest
|
||||
OutputDir: "linter-configs/htmltest"
|
||||
|
|
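Review bot: htmltest treats `IgnoreURLs` entries as regular expressions, and the entries in this block are unanchored with unescaped dots, so several exempt far more than the single link named in the commented-out line above them. `"https://forum.palemoon.org/viewtopic.php"` and `"https://bugs.debian.org/cgi-bin/bugreport.cgi"` skip every topic and every bug report on those hosts, so a dead link to any other thread or bug would pass the check. Escape the dots and keep the query string in the pattern (for example `viewtopic\.php\?f=1&t=25473`) so that each exemption covers only the URL that was checked by hand. The `i.reddit.com` entry also has no comment saying why it is ignored, unlike its neighbours.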