wowana.me

website source


commit e499ebc201b200ee8f17bf8daa616706b7afa9a9
parent f7738449b4e13449bd16b546b9a62a8fdb0e95bb
Author: opal hart <opal@wowana.me>
Date:   Sat, 22 Feb 2020 06:58:05 +0000

fucking finally delete shit from out/

Diffstat:
Dout/about.xht | 42------------------------------------------
Dout/blog/a-musing-on-sharing-and-receiving-opinions.xht | 50--------------------------------------------------
Dout/blog/a-new-era-for-hidden-answers.xht | 77-----------------------------------------------------------------------------
Dout/blog/acme-client-letskencrypt-dns-01-how-to.xht | 91-------------------------------------------------------------------------------
Dout/blog/are-passwords-the-right-solution.xht | 106-------------------------------------------------------------------------------
Dout/blog/chen-hosting-goals-and-difficulties.xht | 52----------------------------------------------------
Dout/blog/federated-social-networking.xht | 206-------------------------------------------------------------------------------
Dout/blog/feed.atom | 1329-------------------------------------------------------------------------------
Dout/blog/guess-im-done-with-discord.xht | 170-------------------------------------------------------------------------------
Dout/blog/index.xht | 60------------------------------------------------------------
Dout/blog/learning-how-to-learn.xht | 72------------------------------------------------------------------------
Dout/blog/living-without-discord.xht | 247-------------------------------------------------------------------------------
Dout/blog/my-and-your-pgp-habits-could-be-better.xht | 66------------------------------------------------------------------
Dout/blog/paving-the-road-for-the-future-of-technology.xht | 57---------------------------------------------------------
Dout/blog/site-update.xht | 40----------------------------------------
Dout/blog/staying-safe-online.xht | 141-------------------------------------------------------------------------------
Dout/blog/testing-patches-made-to-bashblog-script.xht | 42------------------------------------------
Dout/blog/the-grey-area-of-paedophilia.xht | 56--------------------------------------------------------
Dout/blog/trying-new-software.xht | 59-----------------------------------------------------------
Dout/blog/why-i-no-longer-use-github.xht | 82-------------------------------------------------------------------------------
Dout/blog/why-program-efficiency-and-usability-matters.xht | 87-------------------------------------------------------------------------------
Dout/blog/wowaname-now-on-git-and-hosted-on-my-laptop.xht | 133-------------------------------------------------------------------------------
Dout/bookmarks.xht | 150-------------------------------------------------------------------------------
Dout/contact.xht | 45---------------------------------------------
Dout/donate.xht | 129-------------------------------------------------------------------------------
Dout/fediverse.xht | 429-------------------------------------------------------------------------------
Dout/files/Summitto.txt | 103-------------------------------------------------------------------------------
Dout/htss.xht | 133-------------------------------------------------------------------------------
Dout/permalink.xht | 54------------------------------------------------------
Dout/pgp.xht | 46----------------------------------------------
Dout/software.xht | 267-------------------------------------------------------------------------------
31 files changed, 0 insertions(+), 4621 deletions(-)

diff --git a/out/about.xht b/out/about.xht @@ -1,42 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>about – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="about">about</h1> - -<p>my nickname is wowaname, my real name is opal hart, and my legal name is something I don't want to talk about. I have strong interests in technology, security, communications, and personal freedom. not much else about me is immediately important unless you get to know me.</p> - -<p>this site has always primarily served as a file dumping-ground but I am now experimenting with a blog that others should find interesting. it has undergone multiple redesigns and hopefully I am happy with this redesign, even if you aren't.</p> - -<p>I hope you're able to take something useful out of my work.</p> -</main> - </body> -</html> diff --git a/out/blog/a-musing-on-sharing-and-receiving-opinions.xht b/out/blog/a-musing-on-sharing-and-receiving-opinions.xht @@ -1,50 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>a musing on sharing and receiving opinions – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="a-musing-on-sharing-and-receiving-opinions">a musing on sharing and receiving opinions</h1> - -<time datetime='2018-09-24T11:40:36+0000' title='2018-09-24T11:40:36+0000'>2018 Sep 24</time> - -<p>from <a href="https://anime.website/notice/1098692">my fediverse post</a>:</p> - -<blockquote> - <p>am i perfect? no, far from it. i go out of my way to be an edgy fuck more than enough, i am quick to resort to namecalling, but overall i feel like i'm a reasonable person if you can look past that. while some people use edginess/insults to carry out their "race war now" politics, i simply use it because i'm used to it, i don't take offence to it when it's used against me, and i believe (to a fault) in "treat others how you want to be treated."</p> - -<p>except sometimes i put my edginess aside for a brief bit, and i try to discuss something maturely, without the intent to provoke. and that isn't even well-received as much as it should be, for whatever reason. people choose to be ignorant to differing opinions rather than to be openly sceptical, rather than to judge whether a new idea is acceptable, needs additional review/argument, or can be discarded safely (and ideally in an adultlike manner that doesn't end up accusing people of stuff simply because they believe in something).</p> - -<p>psychologists have a term for silencing opposition: it's a maladaptive coping response to stressors, meaning it is unhealthy in the long run and only causes more problems. the adage "you can run but you can't hide" is suitable here; you can temporarily silence dissenting opinions (or ruin your life trying to permanently silence all sources of it) instead of just taking those opinions as they are: opinions. nobody's forcing you to believe anything, and the people who do use force to spread their opinions are to be looked down upon. most of us are simply exposing others to new ideas based off our own experiences and knowledge; we're doing it in an attempt to help out but we don't always show our intent straight up, because we're naïve and believe that everyone is as open as us to new ideas and opinions.</p> - -<p>like i said, i'm flawed as fuck, but i don't believe my flaws and edginess has a profound impact on my ability to diffuse my opinions and knowledge to others out there</p> -</blockquote> -</main> - </body> -</html> diff --git a/out/blog/a-new-era-for-hidden-answers.xht b/out/blog/a-new-era-for-hidden-answers.xht @@ -1,77 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>a new era for Hidden Answers – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="a-new-era-for-Hidden-Answers">a new era for Hidden Answers</h1> - -<time datetime='2018-04-13T00:55:08+0000' title='2018-04-13T00:55:08+0000'>2018 Apr 13</time> - -<p>this post is specifically for users of the Hidden Answers website. if you don't know what it is, this probably isn't worth reading. still, curious people who want to help out with the website are welcome to <a href="/contact.xht">contact me</a>; any help is appreciated.</p> - -<p>for those who aren't on Hidden Answers: it's a hidden service question-answer website using the <a href="http://question2answer.org/">Question2Answer</a> software, and in similar format to Stack Exchange. it's available <a href="http://answerstedhctbek.onion/">on tor</a> and <a href="http://hiddenanswers.i2p/">on i2p</a> and currently is multilingual for English, Spanish, Portuguese, and Russian speakers.</p> - -<p>at the time of writing, new user registration is closed for a multitude of reasons. I have hopes of re-enabling registration soon, after we have fixed some long-lasting issues with the site.</p> - -<p>as users have inevitably noticed by now, there are a few issues with the site, ranging from the community to the software. the past month, the MySQL database for Hidden Answers has experienced unexplained corruption, and last week the server's disk space was completely consumed by MySQL binary logs, causing the site to be totally inaccessible. (seriously MySQL/MariaDB, why keep all logs infinitely by default? and why did nobody tell me about this before I went into web hosting?)</p> - -<p>over the past year pinochet, the website founder, has come in and out of the scene for being responsible for the site. the grunt of the website's work has been handled by both me and the dedicated moderation team. but even we aren't enough to keep the website running optimally. not only that, but mods come and go, and some of them understandably become tired of dealing with the site. and we have no idea what's going on with the multilingual sites (Portuguese HA was overrun by scammers at some point, for example). communication between all the moderators is barely established, and this causes additional strain on relationships and on the state of the website.</p> - -<p>pinochet is now long gone and only the mods and I are left to run the site. I am officially taking over the site; this is effective at the time of writing this post. that means you should write down my PGP key and you should write down my contact information (it's best to contact me over E-mail and XMPP, and <em>please</em> tell me who you are and why you wish to contact me, or I'll likely ignore you. saying <q>hi</q> isn't enough to get my attention because I deal with a lot of people and things daily).</p> - -<p>I am going to make a few assertions. before, I have made these as suggestions, but they have clearly not been enough to cause any notable change in the site. from this point on:</p> - -<ul> -<li>I <em>need</em> moderators, editors, and anyone else with an official Hidden Answers role to post their E-mail and/or XMPP address on their profile, and I <em>need</em> them to have a copy-pastable PGP key or fingerprint. no exceptions. we need to improve communication, especially since the PM system has been disabled (and more on that in the next point).</li> -<li>PMs are <em>indefinitely</em> disabled. they're a venue of abuse. they're unencrypted. I have had to look into suspicious accounts per moderator request, and each suspicious account I looked into, I found shitloads of messages breaking the website's rules. if you need to contact someone, do it off-site. do it on their public wall. PMs are useless for a question-answer site such as ours.</li> -<li>I will make my source code changes to Question2Answer available on my git. I am aware this will make the website easier to clone, but I believe this isn't an issue, since people already try to set up scam sites targeting HA users anyway. the benefit of open software development outweighs the risks, in my view.</li> -<li>we <em>need</em> a defined process to choose official roles. we need more concise roles too: -<ul> -<li>super administrator: the website owner (me, now). I can add new admins and mods, change site settings, and be the <q>last say</q> of what goes on.</li> -<li>administrator: trusted people who represent Hidden Answers probably more than I do, lift a lot of the site's weight, and can maintain relations with mods and users. I'm appointing v0h20 and Fox to this role because they have done a shitload for this site and I trust their judgment for adding new mods.</li> -<li>global moderator. their main roles will be to oversee editors and to block rulebreaking users.</li> -<li>global editor. responsible for backtracking through the older questions (at least until they're all cleaned up eventually) and recategorising, editing, closing, and selecting answers as necessary. does this for new questions and answers as well.</li> -<li>category editors. responsible for cleaning up posts under their own category and can be seen as a category expert as well.</li> -<li>emeritus. just a status for ex-mods and -admins that have stepped down from their roles voluntarily (or were inactive).</li> -<li>technical contributor. I promised a role for anyone willing to help with the code. these people contribute to Q2A updates, debugging, and security penetration testing.</li> -</ul></li> -<li>we <em>need</em> administration transparecy. moderation decisions need to be made public so we're all on the same page, and so users can criticise us if we do something wrong.</li> -<li>we <em>need</em> concrete rules and ways to deal with offences. so far, it's just been play-by-ear.</li> -<li>additional focus needs to be placed on the other HA languages.</li> -<li>additional focus also needs to be placed on supplementary shit like a showcase of frequently-asked questions, to make it easier for newbies to search.</li> -<li>anything else needs to be discussed on HA, in front of everyone, making use of the poll system I installed recently. that way, we have a more democratic approach to the site.</li> -</ul> - -<p>I'm busy with IRL shit (school semester is wrapping up for instance, I have a lot of studying to do and projects to wrap up), so anything that's broken will stay broken until I get around to it or until someone is able to help me with it. be reminded that since this is a hidden service website, I have trust issues and if you contact me anonymously, asking to help, I'll probably assume you're a malicious entity. so <em>please</em> tell me anything that can help me establish who you are. I'm not all that anonymous so I don't think I'm being hypocritical for asking you for some additional information about yourself. if you disagree with my approach, don't contact me.</p> - -<p>any issues or questions or whatever you have about any of this, please <a href="/contact.xht">contact me directly</a> so I can respond to you sooner. I check E-mail and XMPP more often than I check Hidden Answers, and I prefer those methods of contact because they are much easier for me to keep track of shit. pinochet/oqypa are out of the picture; don't use those E-mail addresses because you won't get a response.</p> -</main> - </body> -</html> diff --git a/out/blog/acme-client-letskencrypt-dns-01-how-to.xht b/out/blog/acme-client-letskencrypt-dns-01-how-to.xht @@ -1,91 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>acme-client (letskencrypt) dns-01 how-to – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="acme-client-%28letskencrypt%29-dns-01-how-to">acme-client (letskencrypt) dns-01 how-to</h1> - -<time datetime='2018-09-21T16:45:46+0000' title='2018-09-21T16:45:46+0000'>2018 Sep 21</time> - -<p>I just spent half my day literally yelling at the screen trying to figure out how to use <a href="https://kristaps.bsd.lv/acme-client">acme-client</a> (formally known as letskencrypt) for dns-01 challenges. there's no examples in the man page, none online, and the source code didn't help much.</p> - -<hr /> - -<p>why not <a href="https://certbot.eff.org/">certbot</a>? I've tried it, but it insists on making its own crazy filetree structure, and I needed everything contained to a single directory (more specifically, a mountpoint shared between my LXC containers, with appropriate file permissions set). why not <a href="https://github.com/lukas2511/dehydrated">dehydrated</a>? I probably could have used it, but I was attracted to acme-client for its implementation in C, portability, and minimal dependencies. I was pretty much stubborn to make it work. why not just use http-01? I run a dedicated server with containerised services and a bunch of NAT black magic, so DNS challenges allow me to create my certs in one container instead of entrusting all my containers with the task and causing more headache for myself.</p> - -<p>anyway, after digging through an issue on github and dehydrated's source, I finally had enough information in order to implement a working dns-01 script. I hope this saves someone else from spending a day like I did, and wanting to kill themselves at the end of it.</p> - -<p>I use mksh, but with a bit of editing you can translate it to POSIX sh, or just replace the shebang with bash. as you can see, I didn't really place much effort into making this pretty; I just wanted it to work.</p> - -<pre><code>#!/bin/mksh - -domains=( - 'anime.website anime.website' - 'krustykrab.restaurant bfbb.krustykrab.restaurant' - 'gentoo.today gentoo.today install.gentoo.today' - 'volatile.bz git.volatile.bz' - 'krustykrab.restaurant krustykrab.restaurant' - # ... -) -nsupdate_key=/etc/bind/ddns.key - -for line in "${domains[@]}"; do - zone=`cut -f1 &lt;&lt;&lt;"$line"` - domainlist=`cut -f2 &lt;&lt;&lt;"$line"` - echo "Updating '$domainlist' in $zone" - pemdir=/mnt/certs/`cut -d' ' -f1 &lt;&lt;&lt;"$domainlist"` - mkdir -p $pemdir - acme-client -vnNmt dns-01 -c $pemdir -k $pemdir/privkey.pem $domainlist |&amp; - while read -p type domain token; do - keyauth=`printf '%s' "$token" | openssl dgst -sha256 -binary | base64 | tr '+\/' '-_' | tr -d '='` - nsupdate -4l -k $nsupdate_key &lt;&lt;-EOF - zone $zone - update delete _acme-challenge.$domain TXT - update add _acme-challenge.$domain 60 TXT $keyauth - send - EOF - wait 10 - print -p "$type $domain $token" - done - wait - for domain in `echo $domainlist`; do - nsupdate -4l -k $nsupdate_key &lt;&lt;-EOF - zone $zone - update delete _acme-challenge.$domain TXT - send - EOF - done -done &gt; /var/log/acme.log -</code></pre> - -<p>this script is under the same licence as the rest of my site (Creative Commons Zero) and is free to redistribute and modify. let me know if this has been of any use to you.</p> -</main> - </body> -</html> diff --git a/out/blog/are-passwords-the-right-solution.xht b/out/blog/are-passwords-the-right-solution.xht @@ -1,106 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>are passwords the right solution? – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="are-passwords-the-right-solution%3F">are passwords the right solution?</h1> - -<time datetime='2018-01-09T10:51:38+0000' title='2018-01-09T10:51:38+0000'>2018 Jan 09</time> - -<p>[I have lacked motivation to write anything lately, but this week marks the beginning of my spring college semester, so I figured I'd force myself back into a schedule.]</p> - -<p>a month or two ago I read <a href="https://dropsafe.crypticide.com/article/9481">an article by Alec Muffett</a>, where he attempted to defend password authentication as possibly the only viable online security solution. I even sent him an E-mail asking him to reconsider some of his thoughts toward passwords:</p> - -<blockquote> - <p>[...] I came across your opinion -on password use [4] and I have to disagree with you. My issue with -passwords (as they are currently widely implemented) is that the -password has to be sent to the server verbatim, and it is up to the -server to safely handle this password (hashing it and making sure memory -where passwords are handled is promptly cleared, in case of -vulnerabilities in the server that allow reading memory), and it is up -to both the user and the server to initiate a secure connection so that -password eavesdropping is infeasible. I favour PKI, challenge -authentication, and other mechanisms which do not require any -transmission of a private key or passphrase over plaintext to the -server. This places the burden of security on the user and on the -PKI/challenge protocol itself, which I believe to be much safer than -having to place the burden on all of the user, server, and transmission -medium. Please consider these points and perhaps revise your decision on -claiming that passwords as they are used today are a sound security -mechanism.</p> -</blockquote> - -<p>so already, that explains half my stance on passwords off the bat. I do favour PKI -- I use elliptic curve keys for all SSH connections and disable password authentication, and I would use similar authentication for websites if it was an option. to me, it makes more sense to have a file or files tied to each device I own, and should that device be compromised, I can simply log in from another device and revoke the now-insecure key. this allows for finer-grained access control than I would have with passwords: for example, right now I would have to reset my password if I logged in even once on an untrusted public computer. granted, I would have to use a temporary key for a public computer, stored on something such as a USB drive, but at least I wouldn't have to change the key on each device I own. it's a different story if you have a remarkable memory and can memorise random passwords with ease, but a lot of people including myself cannot or will not trust our memory to this task.</p> - -<p>I have more faith in <abbr title="two-factor authentication">TFA</abbr> than I do in plain passwords. to save myself from reiterating ideas I have already typed (again) I will cite my response to the <a href="http://answerstedhctbek.onion/227514">Hidden Answers question <q>What and how much credentials do you save in KeePassX?</q></a> (please note this link is only accessible over Tor or this <a href="http://hiddenanswers.i2p/227514">I2P link</a>):</p> - -<blockquote> - <p>[W]e should look more into TFA. KeePass supports it to some extent (it combines a password, something you know - with a keyfile, something you have like a USB drive). It allows you a little more time to react to breached security because even if the attacker has one piece of the TFA, it will take him some time to get the other piece and actually be able to utilise that information.</p> - -<p>Weigh the differences:</p> - -<ul> -<li>Store the passwords in your head. <strong>Pros:</strong> you can't hack a brain (as far as I know). <strong>Cons:</strong> unless you have impeccable memory, you will likely formulate smaller, weaker passwords because that's all you can remember. Also, you may choose to reuse passwords more often, which is also unsafe.</li> -<li>Store the passwords on paper. <strong>Pros:</strong> you can't hack a piece of paper. Also, if you don't label the passwords (you use something like PasswordCard.org) you can be a little safer in case you lose it / someone sees it. <strong>Cons:</strong> someone can easily steal that piece of paper, and even if you use the PasswordCard, you have significantly narrowed the possible passwords for the attacker. So, if you lose that card, you're going to want to rush to change all your passwords.</li> -<li>Store the passwords in a password manager. <strong>Pros:</strong> Password managers organise your passwords and they require you to only know the master password, leaving you with less to remember. Good managers can also generate strong random passwords for you. <strong>Cons:</strong> once someone gets the master password, your passwords are all in the open and you're in big trouble unless you set up TFA for all your accounts.</li> -</ul> -</blockquote> - -<p>TFA/multi-factor authentication is a definite improvement over single-factor authentication, and only recently have I decided to add TFA to any account I could find an option to do so. I also use a combination of storing frequently-used passwords in my head and storing the rest in a password manager, which are encrypted and synchronised to Google Drive and, in effect, to my phone. that way, I have a copy wherever I go and I am as secure as possible within the confines of password management.</p> - -<p>I still believe authentication should be given more thought; there are still <em>plenty</em> of organisations that have very poor regard for security and impose artificial limits on passwords out of cost/laziness:</p> - -<ul> -<li>limits on password length or character composition,</li> -<li>storing passwords in the remote database as plaintext,</li> -<li>sending back a password over an insecure channel as <q>confirmation</q> of a password reset, and</li> -<li>requiring a user to add <q>security questions</q> to one's account (which is a huge fucking oxymoron; there's nothing secure about security questions).</li> -</ul> - -<p>if all websites agreed that these are poor practices, that would eliminate many of the issues with passwords right away. combine that with mandatory use of a secure channel such as TLS (which many sites thankfully do now), use of server-side password hashing such as bcrypt or Argon2, and user education on proper password formulation (no password reuse, no dictionary words, et cetera) and sites would be sitting pretty while not compromising compatibility with the current security ecosystem. users should know that password managers are as necessary as an Internet browser at this point, and that there are many user-friendly solutions to this already: many Web browsers even have built-in password saving and synchronisation across devices, but of course there are also solutions such as KeePass and LastPass. in fact, these points I just made are in line with Alec's article I linked at the beginning, so we're in agreement there.</p> - -<p>but what if we want to take a step further and opt for a more secure (but less orthodox) solution? let's look at the list of advantages Alec gave favouring passwords, and compare this to something like PKI:</p> - -<ol> -<li>passwords are easy to deploy <em>[and so is a PKI solution, at the cost of a temporary stage of switching from passwords to PKI. if done correctly, PKI can be abstracted to the end-user so that it is actually easier to use than passwords, and users can just click <q>generate login</q> to create a random file and save it to an internal (optionally synched) database on-the-fly.]</em></li> -<li>passwords are easy to manage <em>[... see above for why PKI would be easy to manage without the user being concerned with implementation.]</em></li> -<li>passwords don’t require identity linkage between silos – so your Google username can be different from your Skype username, can be different from your SecretFetishPornSite.com username <em>[... PKI doesn't require this either; simply generate new keys for each site you use.]</em></li> -<li>passwords are scalable – you can use as many different ones as you like <em>[... same for PKI.]</em></li> -<li>passwords can be varied between silos so that loss of one does not impact the others <em>[... see above.]</em></li> -<li>passwords don’t (necessarily) expire <em>[... still same for PKI. advanced users could optionally be allowed to set expiries for keys (just like X.509 allows), and users could at any time revoke a key from a website if it's compromised.]</em></li> -<li>passwords are the purest form of authentication via ‘something you know’, and thus ideal for the network or “cyber” environment. <em>[now, this <strong>is</strong> an actual argument for passwords. PKI is along the lines of <q>something you have</q>, but for the majority of security-conscious users, so are passwords. passwords are stored in a database or on a piece of paper (something we have) unless we have remarkable memory (more power to you) or we reuse passwords (which is wrong).]</em></li> -<li>you don’t need to pay an intermediary or third-party a surcharge just to get a new password, nor to maintain an old one <em>[... same for PKI.]</em></li> -</ol> - -<p>aside from the fact that PKI is <q>something you have</q> rather than <q>something you know</q>, it maintains many of the properties of passwords and has the added benefit of being secure by default: secret keys are not transmitted over the wire, and server database compromises would be fruitless since all keys stored are already public. end result, both users and server administrators have less to think about and worry about. there are still perfectly valid uses for passwords, but I would like for people not to fool themselves into thinking passwords are the universal solution. passwords should <em>strictly</em> be something you know rather than something you stick in a database, and you should only have to memorise a handful of passwords, instead of having to remember one password per mail account, social network account, bank account, forum account, game account, and whatever other accounts you have. passwords should be used in a local context: useful to decrypt your PKI database locally or to unlock your computer/phone quickly.</p> -</main> - </body> -</html> diff --git a/out/blog/chen-hosting-goals-and-difficulties.xht b/out/blog/chen-hosting-goals-and-difficulties.xht @@ -1,52 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>Chen Hosting goals and difficulties – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="Chen-Hosting-goals-and-difficulties">Chen Hosting goals and difficulties</h1> - -<time datetime='2018-03-05T04:29:31+0000' title='2018-03-05T04:29:31+0000'>2018 Mar 05</time> - -<p>since late 2015, I have hosted the website Hidden Answers <a href="http://answerstedhctbek.onion/">accessible via tor</a> <a href="http://hiddenanswers.i2p/">and i2p</a>. the Hidden Answers administrator was upset by the constant downtime of Freedom Hosting 2 and was seeking another host. shortly after I decided to offer my hosting to anyone interested, thus starting <a href="http://chchchiasaeljqgs.onion/">Chen Hosting</a> (available on i2p as <a href="http://chen.i2p/">chen.i2p</a>). I wanted to do this both to learn more about web hosting, and to earn some cash while in college. two years in hidden service web hosting has given me plenty of time and experience that I can share with others.</p> - -<p>to start off with the upsides, I have definitely learned a fair share about shared web hosting, software, and configuring everything for security, performance, and ease of deployment. I have been able to perform unorthodox installs of popular web software such as WordPress, Question2Answer, and MediaWiki (one shared install for all users). I have partitioned off access between users and services as best I could without the use of fully-virtualised containers, by way of hardened chroots (thanks to grsecurity), process separation (a php-fpm pool per user), and proper file permissions. I have made sure that the real server IP address could not be leaked under any circumstance. on top of this, I have met a handful of people whom I would consider to be good friends by now.</p> - -<p>on the flip side, a lot of frustration has come out of web hosting, especially for the niche market in Tor and I2P. obviously, I have to deal with a lot of scammers, trolls, and difficult people. I cannot count with my fingers alone how many times someone has requested a website and never ended up paying for or using it; most people simply run out of patience, apparently. this makes it very difficult to find the motivation to improve my services for current and new customers; it seems like nobody cares enough. in fact, as of the time I am writing this blog post, I have this on the Chen Hosting website:</p> - -<blockquote> - <p>Chen Hosting is causing me more of a headache than I can handle right now. I'm busy with school and personal projects (and soon, hopefully a part- or full-time job in IT) and the requests for websites I get are rarely serious. People abandon their sites and I'm not making any real money off it.</p> -</blockquote> - -<p>other issues I have come across with hosting: the Tor network itself. most of the traffic I receive for Hidden Answers is automated, and some of the automated traffic is very malicious in nature, causing the server's load to spike and performance to drop, at times causing the whole server to be unavailable for legitimate users. on top of that, I have witnessed Tor become unresponsive or crash for unexplainable reasons; I can only assume these are other attacks on the network or on my onion sites. I have tried to find suitable log-monitoring solutions, but this is an exasperating process and I finally just hacked everything together enough that it would <q>just work,</q> not too concerned with whether it was at optimal performance. also, while I have always preferred I2P over Tor for its hidden service support, it doesn't come without its own share of issues: the main implementation is in Java, and the C++ implementation still has a way to go before it is feasible for a live production server.</p> - -<p>if I had an interested customer base, I would be able to find the motivation to improve my services to support all major CMSes and web softwares, to spawn a robust ticket and newsletter system, to expand to clearnet hosting, to build a real community and set a precedent for anonymous and secure hosting. sadly, my efforts are now going unnoticed, and it sort of disheartens me that something I spent this much time on has not proven itself to be too useful. I would love to continue putting effort into <q>the best</q> professional shared hosting setup, with proper log monitoring and statistics, tight engagement with customer base and surrounding Tor/I2P community, contribution to free software, and embodiment of free speech. maybe I could have placed effort into decentralised solutions as well, in order for people not to rely on a single entity -- such as myself -- for their web hosting. but apparently I will not end up doing this because there is no demand for it. people are perfectly content with half-assed solutions that we have now, and I cannot for the life of me understand why.</p> -</main> - </body> -</html> diff --git a/out/blog/federated-social-networking.xht b/out/blog/federated-social-networking.xht @@ -1,206 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>federated social networking – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="federated-social-networking">federated social networking</h1> - -<time datetime='2019-07-12T07:10:27+0000' title='2019-07-12T07:10:27+0000'>2019 Jul 12</time> - -<p>like it or not, social networks are part of the Internet's evolution to -serve our non-topical communication needs, focusing on people more than -content, unlike newsgroups and forums. alas, while myspace and facebook -and twitter took off, they have proven to eventually fail (in myspace's -case) or become too big to care for their users. facebook and twitter -regularly take it upon themselves to curate content in an effort to -appease their advertisers, and perhaps secondarily to appease the -political opinions of their own staff members. personally, I've never -been a huge player in the social networking game, but twitter did catch -my eye a while ago for being a place for me to discover people, follow -content that is interesting to me, and of course, participate in -discussions with a bit of shitposting here and there. a few years back, -in 2015, I have noticed the effect of the above issues I mentioned, with -accounts I follow gradually being picked off by twitter's moderation -team, until finally in 2016 I simply <em>retweeted</em> someone's post and -received an account termination for it. twitter goes far and hard for -its advertisers, and because my retweet directly affected the reputation -of such a business partner (well, I can only guess they were partnered -if it came to this extreme), the platform didn't mind at all to -sacrifice me and a few others to ensure their reputation. I will not go -into additional detail with my incident specifically, because it is no -longer terribly relevant, but just note that there's a reason for -accounts to pop out of existence all the time on twitter, and it isn't -always because people are spamming others' mentions or sharing illegal -pictures.</p> - -<p>if that's enough convincing for you that we need a better social -networking platform to offset twitter, instagram, and the like; good -news, because there exists a microblogging-style social network that -goes beyond just one domain, just one company, just one set of policies. -<strong>meet the fediverse</strong>: the result of years of collaboration to provide -an open protocol and several software implementations, to solve the -issues inherent in conventional social platforms. I've personally been -hosting an instance (at <a href="https://anime.website/">anime.website</a>) for a -bit over a year now, and I can confidently say it is a suitable twitter -replacement for me. my timeline doesn't feel empty, I see many -interesting and unadulterated discussions because people feel welcome to -exchange their personal beliefs, and I myself don't have to worry about -being deplatformed or holding my content hostage to a corporation who -doesn't give a shit about me.</p> - -<hr /> - -<p>as good as the fediverse is, many misconceptions have floated around, -especially since the introduction of the Mastodon implementation of -fediverse software. while I don't particularly like Mastodon itself -(it's resource-heavy and hard to install, according to many people, and -it restricts users' freedom to configure instances to their personal -liking), this has no bearing on my opinion toward the project lead -himself, Eugen Rochko. his motives have been clear for a long time that -his goal isn't necessarily to promote a free (as in freedom) social -experience, but instead to offset other platforms that he claims -harbours <q>nazis</q>. what this means to the rest of us, is that he (on -behalf of Mastodon) spreads his idealised view of what the fediverse -should be, which in turn confuses many new people trying out the -platform for themselves. essentially, he has taken something that was -not his original idea, slapped his name on it, and tries to -retroactively mould the fediverse to his liking. this fact alone should -not deter anyone from using the fediverse, but it should serve to -prepare you for the inevitable drama that incurs from this.</p> - -<p>I have my own idealisation of the platform, but I know that not everyone -shares my opinions. since I have a history on twitter, some of the -features introduced in fediverse software make little sense to me. for -example, I am a vocal opponent of the <q>federated timeline</q> which -essentially serves as a dumping ground for all posts an instance -receives, whether or not you directly follow those users. many claim -it's an important discovery mechanism, but given my time on twitter, -it's apparent to me that full-text search, potentially a tagging system, -and other discovery methods such as retweeting (<q>repeating</q> or -<q>boosting</q> in fediverse nomenclature) are just as effective to find -accounts that may interest me. from experience, I have seen the -federated timeline cause more issues by attracting spam and trolls to my -comments; which have a far less likely chance of happening had I only -kept my exposure to my followers and to any participants in my threads.</p> - -<p>I also hold a controversial belief that per-post privacy settings are -beneficial to the network. the way they are currently implemented leaves -a lot to be desired, but I have made my twitter account private out of -necessity before, and I understand the desire to limit a profile's -exposure and allow a curated list of people who can view my content. the -per-post privacy adds flexibility to twitter's feature, making it so I -can make some or none of my posts completely private. I mention this -because it's another topic you may see discussed soon after involving -yourself in the fediverse.</p> - -<p>with all that said, I encourage you to try the fediverse out for -yourself if you can't get the twitter impulse out of you, or if you just -want to see what the buzz is about. plenty of people, plenty of -interests, plenty of beliefs, all talking to one another on a robust -platform, a platform not controlled by any one party. like E-mail, if -you disagree with how one server operates itself, you can easily pack up -and move to another server. nobody can <q>ban you from the fediverse</q> -(but this is not an invitation for you to test anyone's patience). -intelligent discussion, shitposting, image sharing, news, politics, -personal issues – the firehose of content, the lack of curation has been -a big reason for me to stick around, because it's always something new -every day.</p> - -<p>if you're keen to try it but don't know where to start out, I have taken -the time to write <a href="/fediverse.xht">a page dedicated to the fediverse</a>, -complete with a table of instances that gladly take in new users and are -transparent about their own moderation and federation policies. sadly, -mainly due to how Mastodon gained its popularity, we see a lot of -<q>instance blocklists</q> akin to the account blocklists on twitter, -which serve to prevent federation between instances that disagree with -one another's policies. while I admit, this is a useful tool to be able -to separate oneself from spam instances, for example; it has become a -much-abused feature, effectively censoring a lot of legitimate users and -content, and making the fediverse more difficult to understand for new -users. indeed, this is enough of a barrier to entry that many people -leave simply for all the drama and controversy these decisions foster. </p> - -<hr /> - -<p>I'd also like to share my personal code of etiquette, a set of standards -I hold myself to and expect from others who interact with me, simply -because it makes the most sense to me from my experiences with -microblogging. I model anime.website's rules after my own standards -while still giving people the freedom to be wrong. ;)</p> - -<p>I believe that microblogging (and in extension, the fediverse) should -predominantly be a <q>pull</q> medium rather than a <q>push</q> one, -meaning I should be able to control what I see by following and -unfollowing people. thus, many issues should be solvable simply by -unfollowing anyone with whom I no longer want to interact. should -outliers exist, muting and blocking are suitable to get persistent -people out of my mentions. this <q>pull what I want</q> mentality -contributes to my opinion that the federated timeline is unnecessary. -but, others (for example on anime.website) find the federated timeline -useful, but I treat it as an unmoderated, uncurated feed, so if users -have any issues with what they see on the federated timeline, I will -simply tell them to steer clear of it to avoid further issues.</p> - -<p>the above attitude allows people to talk about what they want, and it -allows others to expose themselves to that content voluntarily. this -eliminates a need for most moderation and allows my rules to be -succinct: I do not allow spam or illegal content, or anything that could -jeopardise the service for the rest of my users and myself. users may -join my instance even if I disagree with them; I simply will not follow -their content. this makes my life <em>much</em> easier as I can be a user first -and a moderator second.</p> - -<p>while trigger warnings (dubbed <q>content warnings</q> by the Mastodon -crowd) have been introduced into the fediverse, I personally only see -them as a hinderance and an antifeature. again, on twitter I have never -had a problem as long as I follow the right people. I understand that I -may not agree with all content presented to me, but I'd like to think -I'm able to ignore what I don't like. content warnings operate far too -much on trust; I have to entrust that everyone will share my idea of -objectionable content, and that is simply an unrealistic goal. and while -some people find such warnings useful, they impact those who see them as -a distraction, as out of place, as an additional step to click through -someone's content. while much software (including Pleroma) allows these -warnings to be expanded by default, and people are working on new -potential solutions to the issue, I believe it will always be an -imperfect addition in fediverse software.</p> - -<p>and lastly, should you decide you want to follow me on the fediverse -once you've made your own account and gotten comfortable, be aware that -I post about a lot of things and publish all types of images and media. -if you find anything objectionable to the point you think less of me, I -ask that you simply do not follow me, rather than trying to suggest that -I change what I say. I made my own instance to <em>get away from</em> being -told what I can and cannot say; I understand my actions and words have -consequences but chances are I won't be receptive to any content -policing.</p> -</main> - </body> -</html> diff --git a/out/blog/feed.atom b/out/blog/feed.atom @@ -1,1329 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<feed xmlns="http://www.w3.org/2005/Atom" xml:base="https://wowana.me/"> - <title>opal's weblog</title> - <link href="/blog/" rel="alternate"/> - <link href="/blog/feed.atom" rel="self"/> - <id>/blog/</id> - <updated>2019-12-08T01:21:53+0000</updated> - <entry> - <title>testing patches made to bashblog script</title> - <link href="/blog/testing-patches-made-to-bashblog-script.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/testing-patches-made-to-bashblog-script.xht</id> - <published>2017-12-21T21:08:11+0000</published> - <updated>2017-12-21T21:08:11+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>since I'm using a linux desktop now in place of my windows 8.1 laptop, I can now sanely use linux commands such as gpg and rsync (and the bashblog script itself) to locally sign my posts and transmit them to my server with minimum effort. the <a href="https://github.com/cfenollosa/bashblog">original bashblog script</a> relies heavily on GNUisms especially in the <code>date</code> command, therefore requiring a little effort to adapt to alpine linux (which uses busybox and not coreutils) and the inability to use some of these odd GNU requirements. I wish people would pay attention to compatibility; everyone seems to focus only on GNU and BSD and completely forgets about POSIX standards and requirements.</p> - -<p>anyway, this post should be signed (click <q>PGP signature</q> near the top of this post to get a markdown version of the article along with the appended PGP signature). I will manually sign previous blog posts as well, for completeness.</p> - </div> - </content> - </entry> - <entry> - <title>guess I&#39;m done with Discord</title> - <link href="/blog/guess-im-done-with-discord.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/guess-im-done-with-discord.xht</id> - <published>2019-08-15T23:57:49+0000</published> - <updated>2019-08-29T09:57:38+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>I'll let the E-mail ticket do most of the talking:</p> - -<blockquote> - <p>Hi,</p> - -<p>Today I received a prompt to verify my account with a phone number [1], -which is the first time I have ever encountered this message in the -entire time I've had my account (created 2017 Jan 09 according to my -password manager). My account opal#6614 has a verified E-mail address -(the one I'm sending this message from) and two-factor authentication. -As I have mentioned in a prior support request, I use Tor to access -Discord, both on my desktop and my phone.</p> - -<p>I refuse to provide phone verification as I believe it is Discord's -fault for flagging my account even though I've never had an issue -following terms of service. I do not spam, I do not upload content -against terms of service (even though I disagree with the list of -banned content), and I have never used this or other accounts to evade -bans or other limitations. The reCAPTCHA upon login was insulting -enough, and now being asked for a phone number is an even bigger spit -in my face. The only thing I can think of that may have triggered -Discord's crappy anti-spam detection, is the invite I sent to a user -for my newly-created guild. That, and the fact I just so happen to be -using Tor when sending the invite. Because, everything else about the -invite was fine: I have been friends with the user I invited, and I did -not spam the user (or any other users for that matter) whatsoever.</p> - -<p>Please make it so: -1. Discord's anti-spam isn't so anal, -2. my account (and other accounts in good standing and with proper 2FA) -is exempt from such checks, and -3. I don't have to solve a Google reCAPTCHA for an account I have taken -every step to protect against bruteforcing. Using Tor is not a crime; -don't treat it as such.</p> - -<p>I'm tired of Discord's attitude toward things like this and I'll sooner -abandon my account and uninstall the app if I am unable to access my -account. I will recommend all my friends to migrate to a more suitable -platform if this continues, too. I am not part of Discord Hype Squad -for very good reason; Discord has shown to be hostile toward FOSS and -privacy for a while now.</p> - -<p>[1]&lt;<a href="https://pl.wowana.me/media/0bf9e6e5cb428f89596e9d217f281d4f054895c85a3450a5b7fb2d876e8f6bc1.png">https://pl.wowana.me/media/0bf9e6e5cb428f89596e9d217f281d4f054895c85a3450a5b7fb2d876e8f6bc1.png</a>></p> - -<p>Thanks,</p> - -<p>wowaname &lt;<a href="https://wowana.me/pgp.xht">https://wowana.me/pgp.xht</a>></p> -</blockquote> - -<p>reply:</p> - -<blockquote> - <p>Hi opal,</p> - -<p>Thanks for reaching out!</p> - -<p>Sorry to hear that you're walled out of your account. I just checked with my team, and upon review of your account, it appears that our system's detection system has triggered successfully and we will not be removing the phone verification requirement on your account, and you'll be required to register a phone number to your Discord account in order to continue the use of it.</p> - -<p>It's possible that our system detected that you were using a VPN or proxy that was shared with other bad actors, which is why our system flagged your account. However, for privacy reasons, we're not able to share the specifics of the inner workings of our system.</p> - -<p>I understand that you put privacy above all else, however, we won't be able to remove the phone verification prompt and you really need to use a phone number to get back into the account. Just a heads up, if you're currently using a VOIP or landline number, unfortunately, VOIP and landlines are not compatible with our verification system.</p> - -<p>Otherwise, if you have recently attempted to verify this number already, our system will put a timeout on a number from being used again for anti-abuse purposes, and unfortunately, you will need to wait for the end of the timeout to use the number once more or use a different number to verify the account. Sadly, because the system automatically detects and generates a timeout period when a phone number has been used multiple times to verify an account, there is no exact ETA for when the number will be able to used to verify another account.</p> - -<p>If that's not the case, let me know what number you're trying to register and I'll be more than happy to double check in our system.</p> - -<p>Best, -Devemer</p> -</blockquote> - -<p>my reply:</p> - -<blockquote> - <blockquote> - <p>upon review of your account, it appears that our system's detection -system has triggered successfully and we will not be removing the -phone verification requirement on your account, and you'll be required -to register a phone number to your Discord account in order to -continue the use of it.</p> - -<p>It's possible that our system detected that you were using a VPN or -proxy that was shared with other bad actors, which is why our system -flagged your account. However, for privacy reasons, we're not able to -share the specifics of the inner workings of our system. </p> -</blockquote> - -<p>I've been accessing Discord with Tor just fine for several months now. -How in the hell is my account suddenly a threat to Discord?</p> - -<blockquote> - <p>I understand that you put privacy above all else, however </p> -</blockquote> - -<p>No, you don't understand. I will <em>not</em> give any phone number for -verification. I am treated like an abuser of the Discord service, I am -singled out for my use of Tor. I take this personally. If Discord blocks -Tor, then clearly you do not want to see me as a user. I will do my best -to find an alternate platform with a user interface my friends and other -peers are comfortable with. Discord has never held a monopoly over chat -and voice, and it never will. An alarming amount of your userbase is -vocally unhappy with Discord just as I am, as I have noted from many -conversations across several guilds.</p> - -<p>I've enabled 2FA, I rotate my passwords at least once a year, I do not -engage in password reuse, I choose strong passphrases, I verified my -E-mail. Discord will not bully me into solving reCAPTCHAs as free labour -for Google, nor will it bully me into providing a phone number. If you -or any other representative/specialist will not override this asinine -"detection system" despite this abundant evidence that I am not a bad -actor, then it's simple, I will leave Discord. I've tolerated all of -Discord's other shortcomings without much protest, but I will not stoop -any lower to remain on the platform.</p> - -<p>Unless you can refer me to someone who can look into this given the -<em>context</em> of my account, this will be my last reply. I will be making -this message thread public, in the interest of other current and -potential Discord users.</p> - -</blockquote> - -<hr /> - -<p>in a nutshell, unless Discord has a change of heart and allows me access -to my account, I will cease to use its service. chances seem slim, -though, especially considering they shot down my suggestion to remove -reCAPTCHA puzzles from the login form, even when 2FA is active on the -account in question.</p> - -<p>I will be communicating with a couple communities with which I'm -involved to explain that I am unable to use Discord, and with any luck, -we can explore user-friendly alternatives together.</p> - </div> - </content> - </entry> - <entry> - <title>wowana.me now on git (and hosted on my laptop)</title> - <link href="/blog/wowaname-now-on-git-and-hosted-on-my-laptop.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/wowaname-now-on-git-and-hosted-on-my-laptop.xht</id> - <published>2019-06-05T02:53:09+0000</published> - <updated>2019-06-05T03:15:47+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>my blog has long been overdue for a new post, so here goes nothing. I -haven't been writing lately for several reasons: the main one being that -I've had difficulties with bashblog. also, of course, I have been busy -with many things in the past few months, some of which I will cover in -later posts. I have a lot to write about in the coming months; I'll try -to get through it all when I have spare time.</p> - -<hr /> - -<p>so, bashblog. from my <a href="/blog/testing-patches-made-to-bashblog-script.xht" title="“testing patches made to bashblog script”">previous post about it</a>, I described some of -the changes I had to make to it for my own use. with my new patches, I -found that editing old articles is almost impossible without incurring a -headache, so my plan was to rewrite the entire script. and since I'd be -rewriting it, might as well do it in a language I'm more comfortable -with: perl. that wass a big project I kept putting off, until one day I -thought, "shit, why am I not managing it with a makefile?"</p> - -<p>why use <code>make</code>? I first learned proper use of the utility, as well as -how to write a proper makefile, when working on my chat client, -<a href="https://git.volatile.bz/wowaname/achlys" title="wowaname/achlys Git repository">achlys</a>. I wanted to avoid anything such as automake or cmake due -to their complexity, so despite lack of a clear makefile introduction, I -went for it anyway, to my success. in addition to its usefulness for -building C and C++ projects, it's also useful for its core purpose: -smart file-dependency tracking. this is what makes it perfect for a -website; the fact that I can write my entire site's content in markdown -(what I've already been doing with my blog articles), write a few -wrappers to generate the boilerplate HTML, and have it <em>only</em> touch -files that would be updated. if I write an article like I'm doing now, I -just save it, run <code>make</code> (and <code>make check</code> to ensure the output is -conformant XHTML, before I push a broken copy of my website live), and -it'll touch just this page, the blog index, and the atom feed. if I -decide I want to add a link to the site sidebar, I can just modify the -header template and <code>make</code> will generate my entire site. this has the -nice side effect of avoiding server-side includes as well. now I don't -have to worry about a lot of things; I can focus on writing content.</p> - -<p>since it's all backed by git, I have a few benefits from this. I no -longer have to sign blog posts individually; I let git take care of -signed commits for me. this way, you can not only verify the post, but -any edits I make as well. it's all preserved in the commit history for -complete transparency, and for something like a mostly-static, -archive-quality website, I find this invaluable. I also get natural -backups of my site. of course there's the live site copy accessible over -http, but also I get to keep a working copy on my desktop, which allows -me to use the editing tools with which I'm comfortable, instead of being -limited to whatever my server has. I don't like installing too much -cruft on any server; the bulk of my convenience programs (such as vim) -are at home on my desktop.</p> - -<p>you can clone <a href="https://wowana.me/git/wowana.me.git">https://wowana.me/git/wowana.me.git</a> if you're interested -in how I generate my site, if you want an archived copy (of the public -portions) of my website, or if you want to mirror the site elsewhere -(just be kind and link back to <a href="https://wowana.me/">https://wowana.me/</a>, please). I will -soon provide access to my other projects on wowana.me as well as a -mirror on git.volatile.bz, and I will provide cloning instructions on -wowana.me for repositories, since I will not expose these repositories -using an interface such as cgit or stagit. I am not really a fan of -allowing code to be indexed over HTTP; anyone who is truly interested in -my code can clone the repository directly. I will also provide release -tarballs for certain projects (such as achlys) for those who do not have -ready access to git on their system.</p> - -<hr /> - -<p>while you may have noticed I have been making changes to my website (the -<a href="/blog/">blog index</a> received a makeover, for example, and web pages now -have file extensions exposed), I have also made less-visible changes. -one thing of note is that I am now hosting wowana.me on my laptop. I am -using <a href="https://git.volatile.bz/wowaname/quark" title="wowaname/quark Git repository">quark</a> HTTP server written by some of the people over at -<a href="https://suckless.org/" title="suckless.org">suckless</a>, complete with a few bug fixes and modifications for my -personal use (potentially more fixes as time goes on). quark is <em>very</em> -lightweight, clocking in at just under 3mb memory usage at the time of -writing this article. this setup is still served behind nginx, both to -proxy my home IP since I still do not have an ISP suitable for hosting -directly from home, and to cache requests in order to reduce load on my -laptop. also, there are a few nginx-specific rewrites I have for my -site, and I cannot yet find a good way to replace these. so for now, -nginx still plays a role in my website, and that's fine since I use it -for other sites anyway.</p> - -<p>I am looking forward to fully self-hosting wowana.me and all services -located on my domain, to reduce my dependency on third-party hosting. -it's my definitive home on the internet, so I may as well make it -completely mine.</p> - -<p>I also hope that others see the simplicity in what I'm doing here, and -consider moving away from complex website frameworks, opting to roll -their own in a similar fashion to what I am doing. I understand that not -everyone may be a programmer or a web developer, but I believe that -there are certain tools all of us need to know about, so that we can -make the most out of our computers and our time. I can finally manage my -site in a sane manner, visualise all its components, know exactly what -will show up on the live site, because I am in control of every aspect -of its generation. it certainly beats writing all that HTML manually.</p> - </div> - </content> - </entry> - <entry> - <title>a musing on sharing and receiving opinions</title> - <link href="/blog/a-musing-on-sharing-and-receiving-opinions.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/a-musing-on-sharing-and-receiving-opinions.xht</id> - <published>2018-09-24T11:40:36+0000</published> - <updated>2018-09-24T11:40:36+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>from <a href="https://anime.website/notice/1098692">my fediverse post</a>:</p> - -<blockquote> - <p>am i perfect? no, far from it. i go out of my way to be an edgy fuck more than enough, i am quick to resort to namecalling, but overall i feel like i'm a reasonable person if you can look past that. while some people use edginess/insults to carry out their "race war now" politics, i simply use it because i'm used to it, i don't take offence to it when it's used against me, and i believe (to a fault) in "treat others how you want to be treated."</p> - -<p>except sometimes i put my edginess aside for a brief bit, and i try to discuss something maturely, without the intent to provoke. and that isn't even well-received as much as it should be, for whatever reason. people choose to be ignorant to differing opinions rather than to be openly sceptical, rather than to judge whether a new idea is acceptable, needs additional review/argument, or can be discarded safely (and ideally in an adultlike manner that doesn't end up accusing people of stuff simply because they believe in something).</p> - -<p>psychologists have a term for silencing opposition: it's a maladaptive coping response to stressors, meaning it is unhealthy in the long run and only causes more problems. the adage "you can run but you can't hide" is suitable here; you can temporarily silence dissenting opinions (or ruin your life trying to permanently silence all sources of it) instead of just taking those opinions as they are: opinions. nobody's forcing you to believe anything, and the people who do use force to spread their opinions are to be looked down upon. most of us are simply exposing others to new ideas based off our own experiences and knowledge; we're doing it in an attempt to help out but we don't always show our intent straight up, because we're naïve and believe that everyone is as open as us to new ideas and opinions.</p> - -<p>like i said, i'm flawed as fuck, but i don't believe my flaws and edginess has a profound impact on my ability to diffuse my opinions and knowledge to others out there</p> -</blockquote> - </div> - </content> - </entry> - <entry> - <title>Chen Hosting goals and difficulties</title> - <link href="/blog/chen-hosting-goals-and-difficulties.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/chen-hosting-goals-and-difficulties.xht</id> - <published>2018-03-05T04:29:31+0000</published> - <updated>2018-03-05T04:29:31+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>since late 2015, I have hosted the website Hidden Answers <a href="http://answerstedhctbek.onion/">accessible via tor</a> <a href="http://hiddenanswers.i2p/">and i2p</a>. the Hidden Answers administrator was upset by the constant downtime of Freedom Hosting 2 and was seeking another host. shortly after I decided to offer my hosting to anyone interested, thus starting <a href="http://chchchiasaeljqgs.onion/">Chen Hosting</a> (available on i2p as <a href="http://chen.i2p/">chen.i2p</a>). I wanted to do this both to learn more about web hosting, and to earn some cash while in college. two years in hidden service web hosting has given me plenty of time and experience that I can share with others.</p> - -<p>to start off with the upsides, I have definitely learned a fair share about shared web hosting, software, and configuring everything for security, performance, and ease of deployment. I have been able to perform unorthodox installs of popular web software such as WordPress, Question2Answer, and MediaWiki (one shared install for all users). I have partitioned off access between users and services as best I could without the use of fully-virtualised containers, by way of hardened chroots (thanks to grsecurity), process separation (a php-fpm pool per user), and proper file permissions. I have made sure that the real server IP address could not be leaked under any circumstance. on top of this, I have met a handful of people whom I would consider to be good friends by now.</p> - -<p>on the flip side, a lot of frustration has come out of web hosting, especially for the niche market in Tor and I2P. obviously, I have to deal with a lot of scammers, trolls, and difficult people. I cannot count with my fingers alone how many times someone has requested a website and never ended up paying for or using it; most people simply run out of patience, apparently. this makes it very difficult to find the motivation to improve my services for current and new customers; it seems like nobody cares enough. in fact, as of the time I am writing this blog post, I have this on the Chen Hosting website:</p> - -<blockquote> - <p>Chen Hosting is causing me more of a headache than I can handle right now. I'm busy with school and personal projects (and soon, hopefully a part- or full-time job in IT) and the requests for websites I get are rarely serious. People abandon their sites and I'm not making any real money off it.</p> -</blockquote> - -<p>other issues I have come across with hosting: the Tor network itself. most of the traffic I receive for Hidden Answers is automated, and some of the automated traffic is very malicious in nature, causing the server's load to spike and performance to drop, at times causing the whole server to be unavailable for legitimate users. on top of that, I have witnessed Tor become unresponsive or crash for unexplainable reasons; I can only assume these are other attacks on the network or on my onion sites. I have tried to find suitable log-monitoring solutions, but this is an exasperating process and I finally just hacked everything together enough that it would <q>just work,</q> not too concerned with whether it was at optimal performance. also, while I have always preferred I2P over Tor for its hidden service support, it doesn't come without its own share of issues: the main implementation is in Java, and the C++ implementation still has a way to go before it is feasible for a live production server.</p> - -<p>if I had an interested customer base, I would be able to find the motivation to improve my services to support all major CMSes and web softwares, to spawn a robust ticket and newsletter system, to expand to clearnet hosting, to build a real community and set a precedent for anonymous and secure hosting. sadly, my efforts are now going unnoticed, and it sort of disheartens me that something I spent this much time on has not proven itself to be too useful. I would love to continue putting effort into <q>the best</q> professional shared hosting setup, with proper log monitoring and statistics, tight engagement with customer base and surrounding Tor/I2P community, contribution to free software, and embodiment of free speech. maybe I could have placed effort into decentralised solutions as well, in order for people not to rely on a single entity -- such as myself -- for their web hosting. but apparently I will not end up doing this because there is no demand for it. people are perfectly content with half-assed solutions that we have now, and I cannot for the life of me understand why.</p> - </div> - </content> - </entry> - <entry> - <title>federated social networking</title> - <link href="/blog/federated-social-networking.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/federated-social-networking.xht</id> - <published>2019-07-12T07:10:27+0000</published> - <updated>2019-08-29T09:41:55+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>like it or not, social networks are part of the Internet's evolution to -serve our non-topical communication needs, focusing on people more than -content, unlike newsgroups and forums. alas, while myspace and facebook -and twitter took off, they have proven to eventually fail (in myspace's -case) or become too big to care for their users. facebook and twitter -regularly take it upon themselves to curate content in an effort to -appease their advertisers, and perhaps secondarily to appease the -political opinions of their own staff members. personally, I've never -been a huge player in the social networking game, but twitter did catch -my eye a while ago for being a place for me to discover people, follow -content that is interesting to me, and of course, participate in -discussions with a bit of shitposting here and there. a few years back, -in 2015, I have noticed the effect of the above issues I mentioned, with -accounts I follow gradually being picked off by twitter's moderation -team, until finally in 2016 I simply <em>retweeted</em> someone's post and -received an account termination for it. twitter goes far and hard for -its advertisers, and because my retweet directly affected the reputation -of such a business partner (well, I can only guess they were partnered -if it came to this extreme), the platform didn't mind at all to -sacrifice me and a few others to ensure their reputation. I will not go -into additional detail with my incident specifically, because it is no -longer terribly relevant, but just note that there's a reason for -accounts to pop out of existence all the time on twitter, and it isn't -always because people are spamming others' mentions or sharing illegal -pictures.</p> - -<p>if that's enough convincing for you that we need a better social -networking platform to offset twitter, instagram, and the like; good -news, because there exists a microblogging-style social network that -goes beyond just one domain, just one company, just one set of policies. -<strong>meet the fediverse</strong>: the result of years of collaboration to provide -an open protocol and several software implementations, to solve the -issues inherent in conventional social platforms. I've personally been -hosting an instance (at <a href="https://anime.website/">anime.website</a>) for a -bit over a year now, and I can confidently say it is a suitable twitter -replacement for me. my timeline doesn't feel empty, I see many -interesting and unadulterated discussions because people feel welcome to -exchange their personal beliefs, and I myself don't have to worry about -being deplatformed or holding my content hostage to a corporation who -doesn't give a shit about me.</p> - -<hr /> - -<p>as good as the fediverse is, many misconceptions have floated around, -especially since the introduction of the Mastodon implementation of -fediverse software. while I don't particularly like Mastodon itself -(it's resource-heavy and hard to install, according to many people, and -it restricts users' freedom to configure instances to their personal -liking), this has no bearing on my opinion toward the project lead -himself, Eugen Rochko. his motives have been clear for a long time that -his goal isn't necessarily to promote a free (as in freedom) social -experience, but instead to offset other platforms that he claims -harbours <q>nazis</q>. what this means to the rest of us, is that he (on -behalf of Mastodon) spreads his idealised view of what the fediverse -should be, which in turn confuses many new people trying out the -platform for themselves. essentially, he has taken something that was -not his original idea, slapped his name on it, and tries to -retroactively mould the fediverse to his liking. this fact alone should -not deter anyone from using the fediverse, but it should serve to -prepare you for the inevitable drama that incurs from this.</p> - -<p>I have my own idealisation of the platform, but I know that not everyone -shares my opinions. since I have a history on twitter, some of the -features introduced in fediverse software make little sense to me. for -example, I am a vocal opponent of the <q>federated timeline</q> which -essentially serves as a dumping ground for all posts an instance -receives, whether or not you directly follow those users. many claim -it's an important discovery mechanism, but given my time on twitter, -it's apparent to me that full-text search, potentially a tagging system, -and other discovery methods such as retweeting (<q>repeating</q> or -<q>boosting</q> in fediverse nomenclature) are just as effective to find -accounts that may interest me. from experience, I have seen the -federated timeline cause more issues by attracting spam and trolls to my -comments; which have a far less likely chance of happening had I only -kept my exposure to my followers and to any participants in my threads.</p> - -<p>I also hold a controversial belief that per-post privacy settings are -beneficial to the network. the way they are currently implemented leaves -a lot to be desired, but I have made my twitter account private out of -necessity before, and I understand the desire to limit a profile's -exposure and allow a curated list of people who can view my content. the -per-post privacy adds flexibility to twitter's feature, making it so I -can make some or none of my posts completely private. I mention this -because it's another topic you may see discussed soon after involving -yourself in the fediverse.</p> - -<p>with all that said, I encourage you to try the fediverse out for -yourself if you can't get the twitter impulse out of you, or if you just -want to see what the buzz is about. plenty of people, plenty of -interests, plenty of beliefs, all talking to one another on a robust -platform, a platform not controlled by any one party. like E-mail, if -you disagree with how one server operates itself, you can easily pack up -and move to another server. nobody can <q>ban you from the fediverse</q> -(but this is not an invitation for you to test anyone's patience). -intelligent discussion, shitposting, image sharing, news, politics, -personal issues – the firehose of content, the lack of curation has been -a big reason for me to stick around, because it's always something new -every day.</p> - -<p>if you're keen to try it but don't know where to start out, I have taken -the time to write <a href="/fediverse.xht">a page dedicated to the fediverse</a>, -complete with a table of instances that gladly take in new users and are -transparent about their own moderation and federation policies. sadly, -mainly due to how Mastodon gained its popularity, we see a lot of -<q>instance blocklists</q> akin to the account blocklists on twitter, -which serve to prevent federation between instances that disagree with -one another's policies. while I admit, this is a useful tool to be able -to separate oneself from spam instances, for example; it has become a -much-abused feature, effectively censoring a lot of legitimate users and -content, and making the fediverse more difficult to understand for new -users. indeed, this is enough of a barrier to entry that many people -leave simply for all the drama and controversy these decisions foster. </p> - -<hr /> - -<p>I'd also like to share my personal code of etiquette, a set of standards -I hold myself to and expect from others who interact with me, simply -because it makes the most sense to me from my experiences with -microblogging. I model anime.website's rules after my own standards -while still giving people the freedom to be wrong. ;)</p> - -<p>I believe that microblogging (and in extension, the fediverse) should -predominantly be a <q>pull</q> medium rather than a <q>push</q> one, -meaning I should be able to control what I see by following and -unfollowing people. thus, many issues should be solvable simply by -unfollowing anyone with whom I no longer want to interact. should -outliers exist, muting and blocking are suitable to get persistent -people out of my mentions. this <q>pull what I want</q> mentality -contributes to my opinion that the federated timeline is unnecessary. -but, others (for example on anime.website) find the federated timeline -useful, but I treat it as an unmoderated, uncurated feed, so if users -have any issues with what they see on the federated timeline, I will -simply tell them to steer clear of it to avoid further issues.</p> - -<p>the above attitude allows people to talk about what they want, and it -allows others to expose themselves to that content voluntarily. this -eliminates a need for most moderation and allows my rules to be -succinct: I do not allow spam or illegal content, or anything that could -jeopardise the service for the rest of my users and myself. users may -join my instance even if I disagree with them; I simply will not follow -their content. this makes my life <em>much</em> easier as I can be a user first -and a moderator second.</p> - -<p>while trigger warnings (dubbed <q>content warnings</q> by the Mastodon -crowd) have been introduced into the fediverse, I personally only see -them as a hinderance and an antifeature. again, on twitter I have never -had a problem as long as I follow the right people. I understand that I -may not agree with all content presented to me, but I'd like to think -I'm able to ignore what I don't like. content warnings operate far too -much on trust; I have to entrust that everyone will share my idea of -objectionable content, and that is simply an unrealistic goal. and while -some people find such warnings useful, they impact those who see them as -a distraction, as out of place, as an additional step to click through -someone's content. while much software (including Pleroma) allows these -warnings to be expanded by default, and people are working on new -potential solutions to the issue, I believe it will always be an -imperfect addition in fediverse software.</p> - -<p>and lastly, should you decide you want to follow me on the fediverse -once you've made your own account and gotten comfortable, be aware that -I post about a lot of things and publish all types of images and media. -if you find anything objectionable to the point you think less of me, I -ask that you simply do not follow me, rather than trying to suggest that -I change what I say. I made my own instance to <em>get away from</em> being -told what I can and cannot say; I understand my actions and words have -consequences but chances are I won't be receptive to any content -policing.</p> - </div> - </content> - </entry> - <entry> - <title>&#34;Learning how to learn&#34;</title> - <link href="/blog/learning-how-to-learn.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/learning-how-to-learn.xht</id> - <published>2018-01-23T18:42:19+0000</published> - <updated>2018-01-23T18:42:19+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>here's a verbatim essay I wrote in response to the common misconceptions held by many Tor users and <q>privacy freaks</q>:</p> - -<blockquote> - <p>You probably see advice published everywhere – guides and tutorials and lessons. People who claim to have your best interests at heart. Many people do, but at the same time many people don't. And even the people who do can make mistakes. If you don't do so already, you need to learn how to think like a scientist: always sceptical, but never driven by fear. Being able to think for yourself, weighing all information you come across for validity, is a necessary asset that people seem to overlook in their quest toward activism.</p> - -<h2 id="Know-what-you%27re-using">Know what you're using</h2> - -<p>You installed Tor because it's nice and secure. Do you know exactly how it works though? Do you know what happens if you use it wrong?</p> - -<p>I see these technologies get thrown around all the time in privacy-related conversation: Tor, VPN, PGP, Tails. And for the aspiring hackers, Kali comes up quite often. All these things are fine, but people discover them more out of haphazard curiosity than anything. They know what these things are, they know that others tell them to use these things, but they don't often know why people talk about them so much.</p> - -<p>Read up about these subjects. You don't have to do an entire research debacle on them, but you should be able to summarise to yourself what everything does and why it works. Wikipedia is a great resource; it's concise and you can always branch out to learn more if you're interested. Once you know exactly what these technologies were made for, you will be able to utilise them intelligently.</p> - -<p>I can summarise up a few common misconceptions: Tor's primary purpose is to provide a secure proxy to the Web, while I2P's is to provide an anonymous network that replaces the Web. A commercial VPN is for privacy, while Tor is for anonymity (this article explains their differences nicely).</p> - -<p>Tails and Kali are simply customised Linux distributions (these two happen to be Debian-based), meaning that I could take Arch Linux (or your favourite distro) and replicate the functionality of either, after I take the time to configure it to my liking. The reason people use Tails, Whonix, or Kali is because they trust the developers to make a system that meets their needs, and they are incapable or unwilling to configure their own system. Ultimately, the choice of operating system is up to you; there is no "best" operating system, so try various systems out until you find your match.</p> - -<h2 id="Be-sceptical">Be sceptical</h2> - -<p>Don't believe everything you see. Professionals make mistakes, amateurs make mistakes, you and I make mistakes. Even with these guides, you should use your own judgment and filter out what seems logical. I wrote this in hopes that I was making sense, in hopes that my logic was sound and worth reading. But, I can always miss important things, and I'm here to learn just as everyone else is. After reading anything, you should cross-reference with other information if you're unsure about certain points, and ultimately you should test the information against your own knowledge to see if it fits in with what you believe.</p> - -<p>Knowledge evolves; people go to sleep believing in one cause, only to wake up believing in something else. The best any of us can do is follow what our heart says, keep our wits about us, and hope that our current beliefs will lead us on a better path.</p> - -<h2 id="Lead-effectively">Lead effectively</h2> - -<p>A good leader shows power by being motivated and experienced, not by being deceptive and forceful. You gain followers by relating with them, by sharing common core values, and by educating them. People should follow you because it is their decision to do so, because they actually wish to listen to you. If someone leaves you, do not try to pull them back; it only means that they felt your group was not the best fit in terms of ideals, goals, or methods. If everyone leaves you, you may want to ask why and adjust your actions based on the response. Leaders are people too, and they're bound to make mistakes, but a good leader (and a well-formed group) can recover from these mistakes quickly and easily.</p> - -<p>With that said, leadership is bound to change. It's natural, it's seamless (in a mature group, people just know who's "in charge" simply by the way they present themselves in the group), and it fosters new ideas and a different way of approaching issues. When starting a group, don't worry about who's head; that will come naturally and by consensus. Just focus on what you, as a group, need to do, and take everyone's opinions and suggestions into account. There should be an equal level of trust placed on all group members, and if the group simply cannot trust someone then it should make a decision on whether removing the person from the group is the best move. Feelings may be hurt, but a good group is resilient to this sort of friction. The group will carry on its business and wait for the conflict to pass.</p> - -<p>Most importantly, never trust someone solely because they are a figurehead. There is a strong difference between a figurehead and a true leader, and more often than not, people will grow to oppose a figurehead once they begin learning the truth about him. A figurehead is usually defaulted into power – either by status or by money or heritage. In contrast, a leader starts out as an equal and is brought into high esteem by his peers. Both leaders and figureheads are influential, but figureheads will hardly have your best interests at heart. Figureheads will do what they need to retain power, and they will trick others into believing whatever they have to say. They rely on the power of emotion in order to convince others that certain views are correct. And once they have a following, they can dispatch whatever lies they wish, knowing that their followers will eagerly eat it up.</p> - -<p>If you think this part sounds a bit overreactionary, I apologise, but I have seen this cult-like pattern in quite a few groups, namely the social justice movement. Everyone in the movement is bound together by a common emotional appeal: they are all minorities (real or imagined) and they seek safety in their circle by rejecting outsiders and playing the role of a victim. This is a toxic, spiraling attitude that only strengthens the power of the group, and the worst part is, people who seek acceptance see this movement and think they are doing the "right thing" by promoting minorities. So, they join in, finally feeling a sense of acceptance, and they learn from others in the movement that the patriarchy is the cause of all suffering in the world. A logical person would dismiss this claim and assign the blame to real issues (sexism and racism are issues, but not in the ways that the social justice movement claims), but once you have given someone hope and reassurance, you can make them believe whatever you wish.</p> -</blockquote> - </div> - </content> - </entry> - <entry> - <title>why program efficiency [and usability] matters</title> - <link href="/blog/why-program-efficiency-and-usability-matters.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/why-program-efficiency-and-usability-matters.xht</id> - <published>2017-11-24T14:26:09+0000</published> - <updated>2019-06-05T03:41:13+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>in 2016 I wrote a small rant about the current downward trend of software and web development, entitled <q>Why program efficiency matters</q>:</p> - -<blockquote> -<p>Computer hardware has become faster, more efficient, and more powerful in recent years, which means programmers are not constrained as much by memory and CPU cycles. But does that mean programmers should just give up trying to make their code more efficient?</p> - -<dl> -<dt>It doesn't matter if our programs are bigger!</dt> -<dd>I don't know about you, but I enjoy extra disk space for movies and music. Just because disk space is affordable doesn't mean programmers can excuse themselves for adding unnecessary fluff to their projects.</dd> - -<dt>It doesn't matter if our code takes up more memory!</dt> -<dd>Multitasking computers have been a thing for a while now. With that said, I would like my computer to actually multitask. I shouldn't have to constantly worry about how many programs I have running in the background and how much memory they consume. Also, there are plenty of older systems running in corporate and educational environments that simply cannot handle modern (and memory-hungry) software without constantly locking up.</dd> - -<dt>It doesn't matter if our code is slower!</dt> -<dd>Speed is always a value to strive for. Any sensible person would choose "faster" if presented with two programs that perform the exact same tasks but at different speeds. -</dd> -</dl> - -<p>That said, if you have to sacrifice any of the above for security, please do so. Otherwise, if there is any way to make a program smaller or faster or more efficient, without changing the core functionality of the program, then take the time to improve in those aspects. Laziness is no excuse for a slow, fat program. At the same time, don't let yourself be consumed by trying to make your code perform better before you have even finished writing the program.</p> -</blockquote> - -<p>this applies to desktop, server, mobile, and Web software all alike:</p> - -<ul> -<li>desktop operating systems are gradually becoming more bloated and new features are half-baked (such as later versions of Windows), people using Electron to develop fucking everything now (and I'll talk about Electron on its own in a bit).</li> -<li>server software dependent on weightier languages such as node and python (<a href="https://matrix.org/">matrix.org</a> for instance). this is very problematic because servers have much more stressful demands and none of us wish to spend resources we can better use to serve end-users. every bit of RAM and every CPU cycle counts under high load.</li> -<li>mobile phones are mad useful for on-the-go matters (I'll have a blog post later, describing a smartphone's exact use compared to laptops and desktops) but they're becoming more powerful than most laptops now. many apps are Web-centric and it's quite possible that a lot of the mobile ecosystem is unoptimised: not just the apps but also the operating system and the virtual environments under which apps are designed to run.</li> -<li>the Web used to have one thing: static content. then forms were introduced, allowing for greater user interaction and ease of use. after that, javascript, and now we have full-blown HTML5+javascript applications that run in your browser. and believe me, I understand the desire to have this capability: it's cross-platform and any device with a modern browser can use your app. however, there are a few things wrong with this: HTML was not really designed to represent full-blown applications, and web developers don't pay a thought to efficiency/accessibility and they will normally take the path of least resistance to deploy their applications. I'll talk more about what I believe the Web should be used for in a later post.</li> -</ul> - -<p>I'm making this post today because someone sent me a link to a post Casper Beyer made regarding Electron, entitled <q><a href="https://medium.com/@caspervonb/electron-is-cancer-b066108e6c32">Electron is Cancer</a></q>. I'll quote some notable passages from the post:</p> - -<blockquote> - <p><q>Well, it works fine on my machine, and I only have 32 gigabytes of ram.</q> - Silicon Valley Developer, 2017</p> - -<p>If that’s you, well then that’s good for you, but just because something performs <q>well enough</q> on your machine doesn’t mean there are not any performance problems. You are not your end-users, and you if you are a developer most likely do not run average hardware.</p> -</blockquote> - -<p>^ I made this point in my 2016 rant -- people have different hardware and developers need to keep this in mind, lest they want their programs only to run on a small set of machines in the world.</p> - -<blockquote> - <p><q>Electron is so great, we did not have to hire new people we can just use your web designers that we already have in-house and it is so easy!</q> - Someone Actually Said That</p> - -<p>Okay, sure having a plumber cut out a square wheel from a plank is also a lot easier to do than having a woodworker carve a perfectly round wooden wheel, but it is gonna be one hell of a bumpy ride, and square wheels are actually fine, right?</p> -</blockquote> - -<p>^ I've seen this a lot too; people have derived from <q>do one thing and do it right</q> philosophy, both in software and in expertise (although on the expertise side of things, it helps to be well-versed in several areas so you're more valuable in a job, but usually those areas are close enough together that they complement each other. you wouldn't want that plumber performing heart surgery on you, would you?)</p> - -<p>if you have time, read Beyer's full post because it covers a lot of good points about Electron and about modern software developers as a whole. it's a rarity to find a decent dev nowadays who cares about efficiency, usability, and accessibility; and that certainly affects where technology is going as a whole. as we depend more on technology in our everyday lives (mobile, IoT, business) there is really no room for sloppy code to run in banks, hospitals, vehicles, and other mission-critical devices.</p> - </div> - </content> - </entry> - <entry> - <title>a new era for Hidden Answers</title> - <link href="/blog/a-new-era-for-hidden-answers.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/a-new-era-for-hidden-answers.xht</id> - <published>2018-04-13T00:55:08+0000</published> - <updated>2019-05-11T03:38:03+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>this post is specifically for users of the Hidden Answers website. if you don't know what it is, this probably isn't worth reading. still, curious people who want to help out with the website are welcome to <a href="/contact.xht">contact me</a>; any help is appreciated.</p> - -<p>for those who aren't on Hidden Answers: it's a hidden service question-answer website using the <a href="http://question2answer.org/">Question2Answer</a> software, and in similar format to Stack Exchange. it's available <a href="http://answerstedhctbek.onion/">on tor</a> and <a href="http://hiddenanswers.i2p/">on i2p</a> and currently is multilingual for English, Spanish, Portuguese, and Russian speakers.</p> - -<p>at the time of writing, new user registration is closed for a multitude of reasons. I have hopes of re-enabling registration soon, after we have fixed some long-lasting issues with the site.</p> - -<p>as users have inevitably noticed by now, there are a few issues with the site, ranging from the community to the software. the past month, the MySQL database for Hidden Answers has experienced unexplained corruption, and last week the server's disk space was completely consumed by MySQL binary logs, causing the site to be totally inaccessible. (seriously MySQL/MariaDB, why keep all logs infinitely by default? and why did nobody tell me about this before I went into web hosting?)</p> - -<p>over the past year pinochet, the website founder, has come in and out of the scene for being responsible for the site. the grunt of the website's work has been handled by both me and the dedicated moderation team. but even we aren't enough to keep the website running optimally. not only that, but mods come and go, and some of them understandably become tired of dealing with the site. and we have no idea what's going on with the multilingual sites (Portuguese HA was overrun by scammers at some point, for example). communication between all the moderators is barely established, and this causes additional strain on relationships and on the state of the website.</p> - -<p>pinochet is now long gone and only the mods and I are left to run the site. I am officially taking over the site; this is effective at the time of writing this post. that means you should write down my PGP key and you should write down my contact information (it's best to contact me over E-mail and XMPP, and <em>please</em> tell me who you are and why you wish to contact me, or I'll likely ignore you. saying <q>hi</q> isn't enough to get my attention because I deal with a lot of people and things daily).</p> - -<p>I am going to make a few assertions. before, I have made these as suggestions, but they have clearly not been enough to cause any notable change in the site. from this point on:</p> - -<ul> -<li>I <em>need</em> moderators, editors, and anyone else with an official Hidden Answers role to post their E-mail and/or XMPP address on their profile, and I <em>need</em> them to have a copy-pastable PGP key or fingerprint. no exceptions. we need to improve communication, especially since the PM system has been disabled (and more on that in the next point).</li> -<li>PMs are <em>indefinitely</em> disabled. they're a venue of abuse. they're unencrypted. I have had to look into suspicious accounts per moderator request, and each suspicious account I looked into, I found shitloads of messages breaking the website's rules. if you need to contact someone, do it off-site. do it on their public wall. PMs are useless for a question-answer site such as ours.</li> -<li>I will make my source code changes to Question2Answer available on my git. I am aware this will make the website easier to clone, but I believe this isn't an issue, since people already try to set up scam sites targeting HA users anyway. the benefit of open software development outweighs the risks, in my view.</li> -<li>we <em>need</em> a defined process to choose official roles. we need more concise roles too: -<ul> -<li>super administrator: the website owner (me, now). I can add new admins and mods, change site settings, and be the <q>last say</q> of what goes on.</li> -<li>administrator: trusted people who represent Hidden Answers probably more than I do, lift a lot of the site's weight, and can maintain relations with mods and users. I'm appointing v0h20 and Fox to this role because they have done a shitload for this site and I trust their judgment for adding new mods.</li> -<li>global moderator. their main roles will be to oversee editors and to block rulebreaking users.</li> -<li>global editor. responsible for backtracking through the older questions (at least until they're all cleaned up eventually) and recategorising, editing, closing, and selecting answers as necessary. does this for new questions and answers as well.</li> -<li>category editors. responsible for cleaning up posts under their own category and can be seen as a category expert as well.</li> -<li>emeritus. just a status for ex-mods and -admins that have stepped down from their roles voluntarily (or were inactive).</li> -<li>technical contributor. I promised a role for anyone willing to help with the code. these people contribute to Q2A updates, debugging, and security penetration testing.</li> -</ul></li> -<li>we <em>need</em> administration transparecy. moderation decisions need to be made public so we're all on the same page, and so users can criticise us if we do something wrong.</li> -<li>we <em>need</em> concrete rules and ways to deal with offences. so far, it's just been play-by-ear.</li> -<li>additional focus needs to be placed on the other HA languages.</li> -<li>additional focus also needs to be placed on supplementary shit like a showcase of frequently-asked questions, to make it easier for newbies to search.</li> -<li>anything else needs to be discussed on HA, in front of everyone, making use of the poll system I installed recently. that way, we have a more democratic approach to the site.</li> -</ul> - -<p>I'm busy with IRL shit (school semester is wrapping up for instance, I have a lot of studying to do and projects to wrap up), so anything that's broken will stay broken until I get around to it or until someone is able to help me with it. be reminded that since this is a hidden service website, I have trust issues and if you contact me anonymously, asking to help, I'll probably assume you're a malicious entity. so <em>please</em> tell me anything that can help me establish who you are. I'm not all that anonymous so I don't think I'm being hypocritical for asking you for some additional information about yourself. if you disagree with my approach, don't contact me.</p> - -<p>any issues or questions or whatever you have about any of this, please <a href="/contact.xht">contact me directly</a> so I can respond to you sooner. I check E-mail and XMPP more often than I check Hidden Answers, and I prefer those methods of contact because they are much easier for me to keep track of shit. pinochet/oqypa are out of the picture; don't use those E-mail addresses because you won't get a response.</p> - </div> - </content> - </entry> - <entry> - <title>acme-client (letskencrypt) dns-01 how-to</title> - <link href="/blog/acme-client-letskencrypt-dns-01-how-to.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/acme-client-letskencrypt-dns-01-how-to.xht</id> - <published>2018-09-21T16:45:46+0000</published> - <updated>2018-09-21T16:45:46+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>I just spent half my day literally yelling at the screen trying to figure out how to use <a href="https://kristaps.bsd.lv/acme-client">acme-client</a> (formally known as letskencrypt) for dns-01 challenges. there's no examples in the man page, none online, and the source code didn't help much.</p> - -<hr /> - -<p>why not <a href="https://certbot.eff.org/">certbot</a>? I've tried it, but it insists on making its own crazy filetree structure, and I needed everything contained to a single directory (more specifically, a mountpoint shared between my LXC containers, with appropriate file permissions set). why not <a href="https://github.com/lukas2511/dehydrated">dehydrated</a>? I probably could have used it, but I was attracted to acme-client for its implementation in C, portability, and minimal dependencies. I was pretty much stubborn to make it work. why not just use http-01? I run a dedicated server with containerised services and a bunch of NAT black magic, so DNS challenges allow me to create my certs in one container instead of entrusting all my containers with the task and causing more headache for myself.</p> - -<p>anyway, after digging through an issue on github and dehydrated's source, I finally had enough information in order to implement a working dns-01 script. I hope this saves someone else from spending a day like I did, and wanting to kill themselves at the end of it.</p> - -<p>I use mksh, but with a bit of editing you can translate it to POSIX sh, or just replace the shebang with bash. as you can see, I didn't really place much effort into making this pretty; I just wanted it to work.</p> - -<pre><code>#!/bin/mksh - -domains=( - 'anime.website anime.website' - 'krustykrab.restaurant bfbb.krustykrab.restaurant' - 'gentoo.today gentoo.today install.gentoo.today' - 'volatile.bz git.volatile.bz' - 'krustykrab.restaurant krustykrab.restaurant' - # ... -) -nsupdate_key=/etc/bind/ddns.key - -for line in "${domains[@]}"; do - zone=`cut -f1 &lt;&lt;&lt;"$line"` - domainlist=`cut -f2 &lt;&lt;&lt;"$line"` - echo "Updating '$domainlist' in $zone" - pemdir=/mnt/certs/`cut -d' ' -f1 &lt;&lt;&lt;"$domainlist"` - mkdir -p $pemdir - acme-client -vnNmt dns-01 -c $pemdir -k $pemdir/privkey.pem $domainlist |&amp; - while read -p type domain token; do - keyauth=`printf '%s' "$token" | openssl dgst -sha256 -binary | base64 | tr '+\/' '-_' | tr -d '='` - nsupdate -4l -k $nsupdate_key &lt;&lt;-EOF - zone $zone - update delete _acme-challenge.$domain TXT - update add _acme-challenge.$domain 60 TXT $keyauth - send - EOF - wait 10 - print -p "$type $domain $token" - done - wait - for domain in `echo $domainlist`; do - nsupdate -4l -k $nsupdate_key &lt;&lt;-EOF - zone $zone - update delete _acme-challenge.$domain TXT - send - EOF - done -done &gt; /var/log/acme.log -</code></pre> - -<p>this script is under the same licence as the rest of my site (Creative Commons Zero) and is free to redistribute and modify. let me know if this has been of any use to you.</p> - </div> - </content> - </entry> - <entry> - <title>site update</title> - <link href="/blog/site-update.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/site-update.xht</id> - <published>2018-03-27T01:30:09+0000</published> - <updated>2018-03-27T01:30:09+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>by the way, you may be curious as to why some of my websites were down this week. something happened to one of my VPSes so I had to reinstall the operating system and set everything back up. the new install is now enjoying Alpine Linux just like all my other boxes.</p> - </div> - </content> - </entry> - <entry> - <title>why I no longer use GitHub</title> - <link href="/blog/why-i-no-longer-use-github.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/why-i-no-longer-use-github.xht</id> - <published>2018-06-21T13:32:04+0000</published> - <updated>2018-06-21T13:32:04+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>I have had issues with GitHub long before the Microsoft acquisition this year. in fact, Microsoft is the best thing that could have happened to it because it's an excuse for people to leave GitHub. but for everyone who continues to use it, who has built their FOSS projects on top of its infrastructure, they need a little more motivation to move than just an acquisition scare. and the fact that these projects stay behind inconveniences me, as a FOSS contributor, especially if they outright <em>refuse</em> to collaborate outside of GitHub and they <em>insist</em> on you making an account, opening pull requests and new issues through the web interface.</p> - -<p>since I am tired of reiterating to every project the reasons I refuse to sign up to and contribute via GitHub, I feel like the best course of action is to write it all out, once, and give this article to anyone who asks. plus, maybe all my readers may find this an interesting read to perhaps rethink their decision to use GitHub for their projects.</p> - -<h2 id="GitHub-is-not-FOSS">GitHub is not FOSS</h2> - -<p>GitHub boasts its love for the FOSS community, but the site itself runs on proprietary software. if you hate double standards as I do, you may stop reading as you should be content with the answer I gave you.</p> - -<p>but really, look at GitLab in comparison. GitLab is the leading competitor and the current go-to for most people fleeing GitHub because of its similar <q>social coding</q> interface. guess what? it's FOSS, so you can take GitLab's software and run it on your own server. and from what I understand, GitLab manages to be a for-profit company despite the fact it gives away its software to the community, so why doesn't the <q>FOSS-loving</q> GitHub do it as well? it just doesn't fly with me.</p> - -<h2 id="GitHub-is-%28poorly%29-reinventing-git">GitHub is (poorly) reinventing git</h2> - -<p>git is a distributed version control system. it says that right on the tin. and it does a damn good job at being one. so why turn it into something that it isn't? I don't know, but GitHub seems happy doing away with many of the benefits of this. with plain git, I can stick my repository anywhere, give people the link to clone it, and take pull requests through mail. everyone on the Internet has an E-mail address (which is also a federated communication technology, so it's easy to see how it can be best friends with git) and E-mail doesn't lock you into a single terms-of-service agreement (I'll go in depth on that in a bit). this makes it easier for the passerby to contribute to a project, regardless where the project is hosted. no new user accounts necessary.</p> - -<p>with GitHub, E-mail is second-class and people become spoiled by the wrong way of doing things, so they insist that you do things the wrong way as well. this is called <em>vendor lock-in</em> and it's very bad especially for FOSS projects. you can witness a similar effect between <a href="https://www.blender.org/media-exposure/youtube-blocks-blender-videos-worldwide/">Blender and YouTube</a> that surfaced recently. GitHub knows it has you by the nape and can shut you down whenever they want, and it can use that to manipulate you into making decisions for your project that you otherwise wouldn't take. and GitHub knows that your project's success is imperative to its own success, since it means more people signing up to contribute, more people being exposed to its nice, incorrect, not-git interface, and thus more people becoming locked in to GitHub as well.</p> - -<h2 id="there-are-some-AUP%2FToS-loopholes%2C-and-they-%2Awill%2A-shut-you-down">there are some AUP/ToS loopholes, and they <em>will</em> shut you down</h2> - -<p>I promised I would go into detail about the terms of service. there are two clauses that are poorly worded, subjective, and ... well, loopholish in nature.</p> - -<blockquote> - <p>You agree that you will not under any circumstances upload, post, host, or transmit any content that[...] contains or installs any active malware or exploits, or uses our platform for exploit delivery (such as part of a command and control system)</p> -</blockquote> - -<p>this means that you can develop an innocuous research tool, note in your README that it must not be used maliciously and that you are not responsible for skids using your software, and still get punished. all it takes is a skid cloning your repo, pissing off the wrong people with it, and those people reporting you to GitHub. and yes, I am not making this up. I know of people who have been affected by this and I am sure you can find your own examples if you search for a bit.</p> - -<blockquote> - <p>[...]transmit any content that[...] is discriminatory or abusive toward any individual or group</p> -</blockquote> - -<p>oh, this is a fun one. this basically means that anyone can report you as long as they feel offended. I'm sure you have heard enough about this so I won't go into excruciating detail, but I will tell you that it is a <em>huge</em> loophole allowing anyone to abuse the report function to knock you off GitHub.</p> - -<hr /> - -<p>so, you may be wondering what I <em>do</em> prefer in stead of GitHub. of course you could use GitLab or software such as Gogs or Gitea, but that still has the issue of revolving around <q>social coding</q> and locking users in to specific software.</p> - -<p>thankfully, the components of GitHub, GitLab, et cetera -- they are all available standalone. personally I set up <a href="http://gitolite.com/">gitolite</a> for repository access control, <a href="https://git.zx2c4.com/cgit/">cgit</a> for a simple Web frontend, and I plan to include an issue tracker that treats E-mail as first-class rather than forcing users to create accounts (possibly <a href="https://www.bugzilla.org/">Bugzilla</a> but I'm open to suggestions). and if you are attached to your <abbr title="continuous integration">CI</abbr>s then there are probably decent FOSS solutions for that; personally I don't see myself using them that much so I don't know much about them.</p> - -<p>or, you could take advantage of the fact that there are people interested in abandoning the GitHub and social-coding ecosystems just like I am: <a href="https://drewdevault.com/2018/06/05/Should-you-move-to-sr.ht.html">sr.ht</a> is both a service that you can sign up for as well as <a href="https://git.sr.ht/~sircmpwn/legacy.sr.ht/tree/README.md">a suite of programs</a> you can set up on your own server to provide something similar to what I have described above.</p> - -<p>in the end, GitHub isn't the only thing out there for FOSS projects. nor is it the best thing. plenty of projects already spun out their own solutions, and the only presence they may have on GitHub (if any) is a simple backup mirror to their repository.</p> - -<p>I hope that my reasoning has maybe encouraged you to try to use something else for your own projects, but if not, I hope you at least understand why I no longer wish to use GitHub.</p> - </div> - </content> - </entry> - <entry> - <title>living without Discord</title> - <link href="/blog/living-without-discord.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/living-without-discord.xht</id> - <published>2019-09-20T14:55:27+0000</published> - <updated>2019-09-20T15:16:53+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>(okay, it's easy, and I've done it before. but since the E-mail thread -on the matter generated a lot of attention, I figured it was appropriate -to give some context in more of a prose format, as well as what I have -done to remain as a member in some communities in which I participate.)</p> - -<p>a quick chronological recap of my Discord usage:</p> - -<ul> -<li><strong><time datetime="2017-01-09">2017 Jan 09</time></strong>: I create a new -account on Discord, after having left it for a while due to being fed -up with the guilds I joined at the time. they were communities around -a video game I play, Agario, and quickly I figured out that I would -much rather play the game than get into drama within specific player -groups. by 2017 I was using Discord mostly to keep up with Twitch -communities and a variety of other video games, software projects (why -they choose Discord for their projects is beyond me), and various -communities.</li> -<li><p><strong><time datetime="2018-07-01">2018 Jul 01</time></strong>: I E-mail Discord -support because I started receiving reCAPTCHAs upon login, not for -Tor, but for using my VPS' IP address which has never been a vector -for abusive traffic nor has been blacklisted during my ownership of -the address:</p> - -<blockquote> - <p>Today I set up TOTP two-factor authentication for Discord, hoping I -could remove the E-mail confirmation and the reCAPTCHA for login. I had -to switch to a VPN IP address just now because my ISP has been unable -to resolve certain websites lately, including Discord, and so the -reCAPTCHA is giving me trouble and asking me to fill in a LOT of -captchas even though I'm sure I'm getting them right. I assume the IP -address I'm currently using is "high risk" in Google's database, but I -can't really help it.</p> - -<p>I don't have all night to fill these out just to check up on the chats -I'm in, so can you please care to explain why this extra step is -necessary for an otherwise-protected account? Other sites such as -NameCheap let me bypass CAPTCHA check if I set up two-factor.</p> -</blockquote> - -<p>Discord's response stated, <q>Right now, enabling 2FA on your account -will help you bypass the change in IP address emails for Discord, -however if we suspect suspicious activity you could still be flagged -with a Captcha.</q> I can't fairly say that I was ever suspect for -<q>suspicious activity</q> but regardless, Discord said they would -<q>pass [my] idea</q> along. to this day, it seems their login -mechanism has been untouched.</p></li> -<li><p><strong><time datetime="2018-10-04">2018 Oct 04</time></strong>: yet another -reCAPTCHA incident:</p> - -<blockquote> - <p>I want to use Firefox to access Discord now, but the reCAPTCHA is -endless and keeps telling me I have failed and that my browser is -sending automated queries. It continues to do this even if I allow all -cookies and scripts on the page (I use an addon to whitelist these for -security), and even if I disable any proxies and use my real IP -address. Audio reCAPTCHA tells me I need to try again later as well -(which seems unfair to blind users). As I have stated before, I have -two-factor authentication which should be enough to let me log in.</p> -</blockquote> - -<p>Discord would not waive their CAPTCHA requirement even still, and I -had to work around by <q>[l]ogging in from another browser, logging -out, and then logging in from Firefox</q>. as you can hopefully see by -now, I have a lot of problems simply with their login process, even -before my full use of Tor on the site.</p></li> -<li><p><strong><time datetime="2019-08-15">2019 Aug 15</time></strong>: after a long -period of Tor usage, working around the CAPTCHA issues by simply -waiting not to be served one upon login (and then proceeding <em>never</em> -to clear Discord cookies) I invite a user on my <q>friends</q> list to -a guild I had just created. almost instantly, this triggered a phone -verification prompt, which I could not bypass by using the mobile app -or another browser, even without Tor. this was not the first invite -I've sent to someone in my Discord contacts with Tor. the only -difference I can see is that my guild was less than a week old, but it -already had a few members from a public invite I sent in another -channel.</p> - -<p>you can see that E-mail exchange in <a href="/blog/guess-im-done-with-discord.xht" title="guess I'm done with Discord">my previous post</a>.</p></li> -<li><strong><time datetime="2019-08-16">2019 Aug 16</time></strong>: at least Discord -is a step above many other companies, letting me delete my account -without having login access to it. I was able to initiate the deletion -process over a support E-mail, and two weeks later, the account has -officially been deleted. people on Discord have confirmed that my -account has disappeared from the user listings.</li> -<li><strong>now</strong>: I am able to participate in certain guilds without the need -for a Discord account. I'll explain below.</li> -</ul> - -<hr /> - -<p>the E-mail exchange between me and Discord ended up on <a href="https://news.ycombinator.com/item?id=20789799">Hacker News</a> -to which it received a lot of attention, including that of a Discord -developer who claims that <q>code [his] team wrote caused [my] account -to be locked.</q> some misconceptions surfaced that I would like to -address:</p> - -<ul> -<li>yes, the tone for my E-mails was very blunt. I never degenerate to -this stage unless I am repeatedly dealing with someone's issues. it -seems to be the only way people will listen sometimes. I know E-mail -etiquette but I will not pretend to be something I am not, no matter -the medium. I am aware that customer service representatives have to -deal with a lot of shit on a regular basis, which is why I never gear -my frustrations to the representatives themselves, but instead to the -company they represent (except in some odd cases where the -representative is legitimately braindead, which hasn't been the case -for Discord).</li> -<li>some (now dead/flagged) comments suggested the usual: that I was a -criminal for using Tor, that I should use a VPN, that I was attacking -Discord even though I believe my initial blog post on the matter was -impartial, that Tor traffic somehow happened to kill their parents and -rape their kids, et cetera. I commented in the discussion already, -that I use Tor to encourage privacy awareness on the Internet. it's -less out of my own necessity for privacy (I use a normal Web browser -configured with a proxy and whatever privacy/security/anti-nuisance -tweaks I wished to include, rather than opting for Tor Browser. I -would still suggest Tor Browser for near-absolute anonymity at the -software level) and more to prove a point that yes, Tor is usable on -the Web, and yes, there is legitimate Tor traffic, especially from -censored countries and ISPs. the fact that Tor also attracts nefarious -usage is unfortunate yet unavoidable. people <em>need</em> to find other ways -of addressing issues inherent with the Internet.</li> -<li><p>the Discord employee himself suggested I purchase a burner phone for -the purpose of verifying my account. does anyone else find this -absurd? I didn't make a direct reply to him because I honestly was -getting tired of following the HN discussion, but it's odd that -developers know of ways around supplying a <q>legitimate</q> phone -number and not only don't see them as an issue, but also actively -encourage such practices.</p> - -<p>simply put, I will not pay any amount of money either directly or -indirectly for Discord. phone verification should never be a -requirement, either, since there are still people who only have -landlines (which Discord's partner Twilio does not support) or who -don't have a phone at all. and then there are the class of people who -only need/want VoIP, which as I stated in another comment, I would -eventually drop my cellular provider in favour of setting up a VoIP -phone, and then just prepaying for a data SIM, using Wi-Fi most of the -time. I believe this to be more cost-effective considering I want to -go all-out on my home Internet when I'm able to live on my own, and -given that the USA doesn't have a good choice of telcos, I can also -avoid financing those companies.</p></li> -</ul> - -<p>it isn't all bad, though. many people expressed agreement with me, -stating such things as:</p> - -<ul> -<li>while I hadn't paid for the service, it wouldn't have made a -difference even if I had paid e.g. for Nitro. others have complained -that Nitro subscribers do not receive elevated customer service. one -person stated that my mere presence on Discord helped to make it a -more viable product (however small my individual impact) and in that -way, I was actually <q>paying</q> Discord simply by using it and -strengthening its network effect.</li> -<li>Twilio's phone database is too poor and outdated to be viable for -verification, false-flagging users' phone numbers as VoIP when this is -not the case. chalk up another one for <q>phone verification is -awful</q>.</li> -<li>my tone in the support ticket was actually warranted (I was a bit -surprised to hear others side with me on this).</li> -<li>various assertions that Discord doesn't care about its userbase, that -reCAPTCHA is broken, … you know, painfully obvious things that some -people simply live with rather than avoid them. it's understandable; I -chose my own battles, and I will continue to use the Web in the manner -that I do, just to prove a point that it is possible to take the Web -back into my own hands.</li> -</ul> - -<hr /> - -<p>shortly after I requested deletion of my Discord account, I had set up -<a href="https://github.com/matrix-org/synapse">Synapse</a> for the <a href="https://matrix.org/">Matrix</a> chat protocol, where my public instance -now resides at <a href="https://matrix.volatile.bz/">https://matrix.volatile.bz/</a>. but before you make an -account on there, be warned that I provide zero guarantees for usability -or uptime. while I personally do use it, I am looking into an -alternative which would hopefully not use up so many resources and would -be more performant. so far, most (or, more accurately, all) of the -Matrix ecosystem is in a state of heavy development. personally I have -little faith in Matrix's long-term success, but at least there are -plenty of ways to bridge different other chat networks together, -including Discord.</p> - -<p>since I could not generate an API key for Discord (I'd have to ask -someone to do this on my behalf) and I simply did not want to run the -<a href="https://github.com/Half-Shot/matrix-appservice-discord" title="matrix-appservice-discord">node.js bridging software</a> due to fear of -running into issues with my already-limited resources, I settled for -<a href="https://t2bot.io/discord/">t2bot</a>, a public bridging service that bridges Telegram and Slack in -addition to Discord. sure, there are some issues with relation to -latency, but I believe this is justified by not having to hassle with -running the software myself. and for that I thank TravisR for offering -such a service. (you can <a href="https://t2bot.io/donations/">donate</a> to keep his -service alive if you wish.)</p> - -<p>this bridge now operates for the <a href="https://battlepedia.org/">BFBB Modding</a> guild, a community -dedicated to dissecting and making mods for the 2003 console game -<em>SpongeBob SquarePants: Battle for Bikini Bottom</em>, a game I loved as a -kid and would never have expected such a following to this day; as well -as a small general chat guild for another community that disbanded -recently. I was a moderator in the BFBB guild due to my efforts for -hosting the game's wiki, and an administrator in the latter guild, which -incidentally had to be recreated because I could no longer transfer -ownership to another member. a third guild related to Minecraft -advertised their Matrix bridge to me, so I am joined there as well. I am -not sure whether the bridge existed already or if my departure from -Discord prompted them to set up a bridge; in any case, it's cool that -some other people see eye-to-eye with the issues Discord introduces to -free, open chat.</p> - </div> - </content> - </entry> - <entry> - <title>my (and your) PGP habits could be better</title> - <link href="/blog/my-and-your-pgp-habits-could-be-better.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/my-and-your-pgp-habits-could-be-better.xht</id> - <published>2018-07-15T02:11:20+0000</published> - <updated>2018-07-15T02:11:20+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>I am an opportunistic PGP user, and I've used PGP for quite some time. if you encrypt mail to me, I'll encrypt back. if a download has a signature, I'll check it. I sign every one of my blog posts automatically, thanks to some dirty hacks to <a href="https://github.com/cfenollosa/bashblog">bashblog</a>.</p> - -<p>what's the issue then? well, I don't always do it religiously. I used to have a proper canary, but I abandoned it because it was a hassle on my end and I was afraid that nobody checked it anyway (I was wrong, one person actually did check it). that's why I have switched to blogging, which is sort of a more natural medium to sign and doesn't require me to go as out of my way to update (and even then, I have been slacking on my blog really hard).</p> - -<p>there are some other issues with my current use of PGP. check to see if the following also applies to you:</p> - -<ul> -<li><a href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">creating a perfect keypair?</a> forget it. I don't have an airgapped device to do this safely. and even if I settled for a special removable medium, I used to have some trouble importing my stripped keypair into <a href="https://openkeychain.org/">OpenKeychain</a>. not to mention, the GnuPG utility – or any utility, for that matter – doesn't really have first-class support for this kind of scenario. there are a lot of issues with PGP's user experience, and I'll go into more detail with those later.</li> -<li>confirming trust of keys by signing them? signing keys and publishing my signatures to keyservers? it's difficult for me to remember to do this. so far, I'm pretty sure I have signed fewer than a dozen other people's keys.</li> -<li>confirming keys in general? I do basic checking, but I don't know how much is enough.</li> -<li>maintaining my key properly? who knows, honestly. I have not had a religious policy for subkey creation, deletion, and renewal. nor do I really know what is the <q>optimal</q> practice for maintaining my key.</li> -<li>refreshing and maintaining my keyring? a while ago, I found <a href="https://riseup.net/en/security/message-security/openpgp/best-practices#refresh-your-keys-slowly-and-one-at-a-time">a safer way to do this</a> but I have never ended up using it. furthermore, I have made very little effort to remove invalid keys from my keyring.</li> -</ul> - -<p>here are some issues I have seen with others' use as well as when I have been trying to use PGP with others:</p> - -<ul> -<li>first off, this is really on my side: I use elliptic-curve subkeys for signing and encryption, but I also have RSA 4096 subkeys when communicating with older PGP implementations. there are a few issues I have run into with this, such as not really knowing which subkeys I'm using since I let programs handle this automatically, as well as possible delivery errors because my recipient has no support for ECC algorithms. it's all very opaque to me and I tend to dismiss errors as <q>their issue, not mine</q> while in hindsight that might not have actually been the case.</li> -<li>I have seen many people, especially on Tor, try to be smart and reveal as little detail about them in their key metadata. this is straight-up <em>the wrong way to use PGP</em> especially over E-mail. your address <em>is not</em> <code>asdasdfsdf@asdf.asd</code>, stop making your key more difficult to use. create separate keys for separate purposes and use them appropriately.</li> -<li>since there is no <q>right way</q> of using PGP, we end up with people using all kinds of algorithms, all kinds of expiry policies, all kinds of renewal policies. some people properly renew their keys, others create new keys to replace the old ones (and I was guilty of this). some people's keys expire never, others' expire next week. I know some of this is a personal threat model consideration, but still, I believe too many people set unrealistic, unsafe expiries on their keys.</li> -</ul> - -<p>and lastly, usability and interface issues. it feels like XMPP all over again, what with all the different clients and none of them implementing the full standard in a correct and easy-to-use manner. there are practically no full-featured GUI frontends for PGP, and the GnuPG commandline implementation discourages newbies (and even people like me) from figuring out how to correctly maintain personal keypairs and a full keyring. I use keys for different purposes (some for E-mail, others for download signing) and it isn't immediately obvious that I could probably have two or more keyrings for that. also, is it possible to attach metadata to PGP keys (such as your XMPP account, website, or anything else that could possibly help verify people)? if it's possible, I surely don't know how to do it, nor do I know where I can search for more information.</p> - -<p>so, my suboptimal use of PGP is everyone's fault. and if you use PGP, you're probably using it suboptimally as well. I don't want to bash PGP outright for being a poor standard – I mean, come on, it has been around for decades, and it's still suggested by security professionals. but over those decades, <em>very little</em> has been done to change the state of affairs, and it's so easy to use it wrong.</p> - -<p>as always, I accept E-mail replies to my posts, but I especially want to hear readers' thoughts on this. I want to gauge how others use PGP, and I want to see what others believe should be the <q>correct</q> way of using it.</p> - </div> - </content> - </entry> - <entry> - <title>paving the road for the future of technology</title> - <link href="/blog/paving-the-road-for-the-future-of-technology.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/paving-the-road-for-the-future-of-technology.xht</id> - <published>2018-03-27T01:23:17+0000</published> - <updated>2018-03-27T01:23:17+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>when computing first became a real thing, they were mainly geared toward big business, education, government, and science. networks were groups of trusted entities, there was less need for security or future-proofing, because nobody had anticipated that this technology would become for personal use in the future. early computing and programming pioneers were passionate about their work; software and hardware were built durably because it was still only a niche market, and everyone in the market cared deeply about quality.</p> - -<p>now, the tide has shifted and with the advent of personal computers and mobile/IoT technologies, both sides of the equation have weakened: the target market has adopted a consumer approach to technology, and the developers have followed suit. there is no push for developers to cater to quality; there is high demand for cheap labour in these fields. small businesses remain insecure, large businesses can get away with opaque policies and planned obsolescence, and decent software and ideas become overlooked for a few reasons: the creators of good software normally work under the mantra of FOSS, they normally work as a hobby in their own free time, and they do not attract much of a following for one big reason: choice.</p> - -<p>give a user a choice between security and ease of use: they'll choose ease of use. give them elegant code or elegant UI, they'll choose UI. it is therefore the <em>developer's responsibility</em> to give users the easy UI/UX they desire <em>as well as</em> the security and elegance they need. some big players like Google understand the value of security (others such as Equifax, maybe not so much, sadly) but they still cut corners with regard to privacy and quality in an effort to take the easy route. because the fact still stands, users have a mentality that <q>anything bad won't happen to me</q> or <q>I have no information that anyone cares to utilise, therefore I must be safe</q> -- they will not do any more than is required to access their services and move on with their life. because of this, it is the developer's responsibility to set a precedence and to give users only one choice.</p> - -<p>I believe that all big businesses can invest enough to improve hardware and software quality; to improve security practices; to approach newer, saner standards that match the growing demands of the twenty-first century. it is a shame that thousand-dollar smartphones are not physically worth a thousand dollars, aside from the brand esteem these products have developed. it is sad that phones are not able to last as long as most cars or computers, or to last half as long as houses; they are seen as disposable technologies that are not built to last. it is sad that people cut corners for safety even though basic security practices are easy and cheap to implement these days; and more-advanced security would cost a short-term investment but set a future-proof standard for this type of thing.</p> - -<p>a lot of things could be implemented today that would be a bit of a speed bump for companies, but it would be a net improvement both for security and for ease of use. some things I want to see implemented:</p> - -<ul> -<li>public/private key authentication for online services rather than passwords. I have touched on this previously and I will say it again because I believe in it so much. users would not have to remember passwords; their software could automatically generate the necessary keys and provide a simple <q>log in</q> button (or fingerprint TFA, something that requires an extra step of authentication but is easy to use), and the software could tell the user to periodically back up these account databases to a flash drive or some other medium.</li> -<li>client-side encryption. we're already increasingly seeing this in some messaging platforms. Google Chrome and Chromium do this for browser setting synchronisation. MEGA.nz does this for file uploads and downloads. it needs to be extended to cloud file storage: your files are tied to your account login, only you (or friends, or people with the link, if you configure filesharing as such) may decrypt and access the files, and the server only sees an encrypted copy of anything, making passive and active file analysis impossible. I wish to see E-mail headed toward the same direction.</li> -<li>the return of user-serviceable appliances. we invented removable parts ages ago for a reason: it allows for reliable, repairable, inexpensive products and cuts down on wastefulness, since a user will not need to throw away the entire appliance if one part is broken.</li> -<li>user education. people and businesses need to know the consequences of inadequate technology. privacy and security are important to protect against identity theft and money fraud. if you are not using secure and reliable technology, you are putting not only yourself but also your friends at risk.</li> -</ul> - -<p>it's a shame that not everyone is passionate about technology and that most people just want things to work without exploring them, but that's a fact of life. what we <em>don't</em> need is for this attitude to leak into developers' attitudes. security and quality can be easy, maybe with some additional short-term costs, but it's for the better.</p> - </div> - </content> - </entry> - <entry> - <title>staying safe online</title> - <link href="/blog/staying-safe-online.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/staying-safe-online.xht</id> - <published>2019-08-24T00:15:20+0000</published> - <updated>2019-08-24T00:15:20+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>this is an E-mail I typed out and figured it'd be fitting as its own -public post:</p> - -<blockquote> - <p>If you want the closest thing to true anonymity from software -perspective, I'd suggest Tails because it's pre-configured to proxy -everything through Tor. It can be run with a live CD / USB on bare -metal, or it can be used in a virtual machine of the user's choosing -(personally I use qemu for Linux, and I think virt-manager is a GUI -frontend for it, but a lot of people may have heard of VirtualBox -which is cross-platform). Even I use Tails for certain things -although I consider myself to be proficient and able to set up my own -anonymous system; sometimes it isn't worth the trouble when I need to -be sure that my system is safe, though.</p> - -<p>If you want an "everyday setup" where anonymity isn't key, but you -still want security and casual privacy, drop Windows in favour of -Linux, and grab the Tor Browser if you want to browse the Internet -through Tor (not limited to onion websites, which seems to be a -misconception for people "exploring the deep web"). Steam can play a -lot of games in Linux, Wine can run many Windows programs, and as a -last resort, a user can set up a Windows virtual machine or set up -dual-booting (although from my understanding, Windows can fuck with -dualboot partitioning, so this might be an advanced topic. Personally -I don't trust Windows with hardware access at all, anymore). One big -issue (that unfortunately I have to face as well) is NVidia graphics -support in Linux. The best solution to any NVidia issues is to replace -the NVidia GPU with AMD, because AMD ships open-source drivers, or, if -the user doesn't do much gaming then it's likely fine to just use the -integrated graphics from the CPU. It's an unfortunate fact that NVidia -is very anti-consumer; if I had other suggestions you'd bet I would -say, but my friend and I (and many other people) have had nothing but -issues with NVidia.</p> - -<p>For additional safety, no matter whether you use Tor Browser in -Tails, or Tor Browser in Linux, or even a normal browser in Linux -like I do: I strongly suggest disabling JavaScript by default for -sites you don't trust. In Tor Browser, it's as simple as clicking the -NoScript icon in the toolbar to whitelist a website. There was a -NoScript bug found not too long ago that allowed sites to bypass -settings regardless, but this has since been fixed and hopefully -there will not be similar incidents in the future. This is why I -strongly dislike modern Web browsers; they're too big to make sure -that they're entirely bug-free. (I personally use uMatrix instead of -NoScript, because it's much more configurable and can block more than -scripts, but it's probably not best to suggest in a "basic tips" -YouTube video.)</p> - -<p>Like I said in my previous E-mail, a VPN does not help with anonymity -in any way. You can still stick in that sponsorship for PIA if you -make clear it's only to keep users' Internet activity away from -<em>their own ISP</em>, and it gives them a different IP address perhaps in -a different country, if they so choose. This can be useful for -accessing region-locked websites, for instance, or for casual privacy -to prevent other people from finding someone's home IP address. The -VPN can still see and track all users' activity, but my opinions of -PIA aside, I believe from a business standpoint they will be very -careful about what they do with user information. Just know though, -depending on what country a VPN is based in, they might be forced to -comply with requests for user information by law.</p> - -<p>Enough about software; usually people are able to follow along until -it comes to something scary: they aren't safe until they change their -own behaviours as well. I was taught one thing as a kid, practically -every year in school there was a poster or a computer lab teacher -telling us "don't share your personal information with strangers -online". This seems to have been forgotten with the rise of social -platforms that encourage or require users to use their real info, and -it's really sad that things have taken a turn for the worse in this -regard. Even before I knew what Tor was, I never gave people so much as -my name, and to this day, while I did say some dumb shit in my early -teenage years (who hasn't done things before that seem foolish to them -now?) I can at least say I don't regret how I handled my personal -information during all these years. Nowadays, the Internet is a more -hostile place, with more people understanding the power of "big data" -and keen on collecting user information, with all the serious threats -regarding IoT security vulnerabilities (allowing for large-scale DDoS -attacks for cheap, or potentially worse attacks against the devices -themselves). So, it's more important than ever not to give anyone any -information that one might regret sharing later.</p> - -<p>Keeping a healthy amount of scepticism toward other users and services -online has always been a rule of thumb as well, albeit one that's lesser -talked about. (It's normally brought up by school librarians and English -teachers, who urge students to ensure that their citation sources are -credible.) A lot of people especially on Tor phrase it as "don't trust -anyone" which is an imprecise piece of advice. It might be good advice -for people who don't yet know what signs to look out for that tell apart -a normal user from a con artist or a federal agent (and federal agents -are perhaps best-equipped to produce convincing cover identities). I -don't open up to many people online, but I have definitely made at least -a couple real connections with Tor users. A lot of people, I don't -<em>need</em> to trust, such as the people I ask to join the moderation team on -Hidden Answers, or others I ask advice / questions from, for instance. -In the former case, I give moderators just enough access to the site to -do their jobs, and if a rogue moderator happens to slip through, the -damage is normally easily reversible. And we have had some cases of -rogue moderators -- usually just scammers who abused their position for -extra credibility, though. In the latter case, I can use my own logic to -verify whether someone's advice sounds reasonable, or I can cross-verify -with other sources.</p> -</blockquote> - </div> - </content> - </entry> - <entry> - <title>are passwords the right solution?</title> - <link href="/blog/are-passwords-the-right-solution.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/are-passwords-the-right-solution.xht</id> - <published>2018-01-09T10:51:38+0000</published> - <updated>2018-01-09T10:51:38+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>[I have lacked motivation to write anything lately, but this week marks the beginning of my spring college semester, so I figured I'd force myself back into a schedule.]</p> - -<p>a month or two ago I read <a href="https://dropsafe.crypticide.com/article/9481">an article by Alec Muffett</a>, where he attempted to defend password authentication as possibly the only viable online security solution. I even sent him an E-mail asking him to reconsider some of his thoughts toward passwords:</p> - -<blockquote> - <p>[...] I came across your opinion -on password use [4] and I have to disagree with you. My issue with -passwords (as they are currently widely implemented) is that the -password has to be sent to the server verbatim, and it is up to the -server to safely handle this password (hashing it and making sure memory -where passwords are handled is promptly cleared, in case of -vulnerabilities in the server that allow reading memory), and it is up -to both the user and the server to initiate a secure connection so that -password eavesdropping is infeasible. I favour PKI, challenge -authentication, and other mechanisms which do not require any -transmission of a private key or passphrase over plaintext to the -server. This places the burden of security on the user and on the -PKI/challenge protocol itself, which I believe to be much safer than -having to place the burden on all of the user, server, and transmission -medium. Please consider these points and perhaps revise your decision on -claiming that passwords as they are used today are a sound security -mechanism.</p> -</blockquote> - -<p>so already, that explains half my stance on passwords off the bat. I do favour PKI -- I use elliptic curve keys for all SSH connections and disable password authentication, and I would use similar authentication for websites if it was an option. to me, it makes more sense to have a file or files tied to each device I own, and should that device be compromised, I can simply log in from another device and revoke the now-insecure key. this allows for finer-grained access control than I would have with passwords: for example, right now I would have to reset my password if I logged in even once on an untrusted public computer. granted, I would have to use a temporary key for a public computer, stored on something such as a USB drive, but at least I wouldn't have to change the key on each device I own. it's a different story if you have a remarkable memory and can memorise random passwords with ease, but a lot of people including myself cannot or will not trust our memory to this task.</p> - -<p>I have more faith in <abbr title="two-factor authentication">TFA</abbr> than I do in plain passwords. to save myself from reiterating ideas I have already typed (again) I will cite my response to the <a href="http://answerstedhctbek.onion/227514">Hidden Answers question <q>What and how much credentials do you save in KeePassX?</q></a> (please note this link is only accessible over Tor or this <a href="http://hiddenanswers.i2p/227514">I2P link</a>):</p> - -<blockquote> - <p>[W]e should look more into TFA. KeePass supports it to some extent (it combines a password, something you know - with a keyfile, something you have like a USB drive). It allows you a little more time to react to breached security because even if the attacker has one piece of the TFA, it will take him some time to get the other piece and actually be able to utilise that information.</p> - -<p>Weigh the differences:</p> - -<ul> -<li>Store the passwords in your head. <strong>Pros:</strong> you can't hack a brain (as far as I know). <strong>Cons:</strong> unless you have impeccable memory, you will likely formulate smaller, weaker passwords because that's all you can remember. Also, you may choose to reuse passwords more often, which is also unsafe.</li> -<li>Store the passwords on paper. <strong>Pros:</strong> you can't hack a piece of paper. Also, if you don't label the passwords (you use something like PasswordCard.org) you can be a little safer in case you lose it / someone sees it. <strong>Cons:</strong> someone can easily steal that piece of paper, and even if you use the PasswordCard, you have significantly narrowed the possible passwords for the attacker. So, if you lose that card, you're going to want to rush to change all your passwords.</li> -<li>Store the passwords in a password manager. <strong>Pros:</strong> Password managers organise your passwords and they require you to only know the master password, leaving you with less to remember. Good managers can also generate strong random passwords for you. <strong>Cons:</strong> once someone gets the master password, your passwords are all in the open and you're in big trouble unless you set up TFA for all your accounts.</li> -</ul> -</blockquote> - -<p>TFA/multi-factor authentication is a definite improvement over single-factor authentication, and only recently have I decided to add TFA to any account I could find an option to do so. I also use a combination of storing frequently-used passwords in my head and storing the rest in a password manager, which are encrypted and synchronised to Google Drive and, in effect, to my phone. that way, I have a copy wherever I go and I am as secure as possible within the confines of password management.</p> - -<p>I still believe authentication should be given more thought; there are still <em>plenty</em> of organisations that have very poor regard for security and impose artificial limits on passwords out of cost/laziness:</p> - -<ul> -<li>limits on password length or character composition,</li> -<li>storing passwords in the remote database as plaintext,</li> -<li>sending back a password over an insecure channel as <q>confirmation</q> of a password reset, and</li> -<li>requiring a user to add <q>security questions</q> to one's account (which is a huge fucking oxymoron; there's nothing secure about security questions).</li> -</ul> - -<p>if all websites agreed that these are poor practices, that would eliminate many of the issues with passwords right away. combine that with mandatory use of a secure channel such as TLS (which many sites thankfully do now), use of server-side password hashing such as bcrypt or Argon2, and user education on proper password formulation (no password reuse, no dictionary words, et cetera) and sites would be sitting pretty while not compromising compatibility with the current security ecosystem. users should know that password managers are as necessary as an Internet browser at this point, and that there are many user-friendly solutions to this already: many Web browsers even have built-in password saving and synchronisation across devices, but of course there are also solutions such as KeePass and LastPass. in fact, these points I just made are in line with Alec's article I linked at the beginning, so we're in agreement there.</p> - -<p>but what if we want to take a step further and opt for a more secure (but less orthodox) solution? let's look at the list of advantages Alec gave favouring passwords, and compare this to something like PKI:</p> - -<ol> -<li>passwords are easy to deploy <em>[and so is a PKI solution, at the cost of a temporary stage of switching from passwords to PKI. if done correctly, PKI can be abstracted to the end-user so that it is actually easier to use than passwords, and users can just click <q>generate login</q> to create a random file and save it to an internal (optionally synched) database on-the-fly.]</em></li> -<li>passwords are easy to manage <em>[... see above for why PKI would be easy to manage without the user being concerned with implementation.]</em></li> -<li>passwords don’t require identity linkage between silos – so your Google username can be different from your Skype username, can be different from your SecretFetishPornSite.com username <em>[... PKI doesn't require this either; simply generate new keys for each site you use.]</em></li> -<li>passwords are scalable – you can use as many different ones as you like <em>[... same for PKI.]</em></li> -<li>passwords can be varied between silos so that loss of one does not impact the others <em>[... see above.]</em></li> -<li>passwords don’t (necessarily) expire <em>[... still same for PKI. advanced users could optionally be allowed to set expiries for keys (just like X.509 allows), and users could at any time revoke a key from a website if it's compromised.]</em></li> -<li>passwords are the purest form of authentication via ‘something you know’, and thus ideal for the network or “cyber” environment. <em>[now, this <strong>is</strong> an actual argument for passwords. PKI is along the lines of <q>something you have</q>, but for the majority of security-conscious users, so are passwords. passwords are stored in a database or on a piece of paper (something we have) unless we have remarkable memory (more power to you) or we reuse passwords (which is wrong).]</em></li> -<li>you don’t need to pay an intermediary or third-party a surcharge just to get a new password, nor to maintain an old one <em>[... same for PKI.]</em></li> -</ol> - -<p>aside from the fact that PKI is <q>something you have</q> rather than <q>something you know</q>, it maintains many of the properties of passwords and has the added benefit of being secure by default: secret keys are not transmitted over the wire, and server database compromises would be fruitless since all keys stored are already public. end result, both users and server administrators have less to think about and worry about. there are still perfectly valid uses for passwords, but I would like for people not to fool themselves into thinking passwords are the universal solution. passwords should <em>strictly</em> be something you know rather than something you stick in a database, and you should only have to memorise a handful of passwords, instead of having to remember one password per mail account, social network account, bank account, forum account, game account, and whatever other accounts you have. passwords should be used in a local context: useful to decrypt your PKI database locally or to unlock your computer/phone quickly.</p> - </div> - </content> - </entry> - <entry> - <title>the grey area of paedophilia</title> - <link href="/blog/the-grey-area-of-paedophilia.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/the-grey-area-of-paedophilia.xht</id> - <published>2018-04-28T20:38:43+0000</published> - <updated>2018-04-28T20:38:43+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>before anyone gets shocked: <strong>I am against rape and abuse of any kind.</strong> this post is only to address the fact that most people -- those who claim to protect the rights of children -- are focusing in the wrong places.</p> - -<p>lately, I have come across articles online that explain the difference between Western and Japanese views on <a href="https://wikipedia.org/wiki/Lolicon">lolicon</a> (which refers to Japanese media that focuses on cartoon underage girls). contrarily, I have also come across some real counts of child abuse such as <a href="https://www.thenewamerican.com/usnews/crime/item/25713-dr-phil-interview-exposes-global-elite-pedophiles">a review on Dr. Phil's interview that <q>exposes global elite pedophiles</q></a> which seems to sum up the issue the best.</p> - -<p>also within the past year, various people have questioned my stance on paedophilia, and they seem to not grasp a full picture on my beliefs, so I would like to make this all clear within a full written explanation, complete with supporting information.</p> - -<p>where am I going with this? in the Americas and Europe, there seems to be a sacred air around anything involving children. this is not necessarily a bad thing; children are impressionable and deserve every chance to experience a fulfilled life without fear of harm in any way. but it seems as if this is being used as an <em>excuse</em> to push certain legislation and cultural norms, rather than an actual reason for focusing on these issues. take for example child exploitation. somehow a count for rape is deemed lesser than a count for child rape? what's the difference? they're both inhumane and deserve harsh <q>eye for eye</q> punishment in my book. so why is it any worse for this to happen to children than for it to happen to anyone else?</p> - -<p>both adult and child molestation are sadly very prominent in the world, not only with undeveloped nations but also with this global elite -- sometimes the same people who publicly support legislation to crack down on child abuse. if that isn't hypocritical, nothing is.</p> - -<p>but are we focused on the right issues? being an active member in various Tor/I2P hidden service communities, as well as on online imageboards, I see a lot of talk against the possession of child pornography itself. there is no mention about the severity of the case, and to these people, a picture of a fourteen-year-old posing nude in a mirror is fully equivalent to one of a violent rape scene involving children who may not even be old enough to talk. these people stop at the mention of <q>children</q> and don't take into account all of the aspects of whatever they're speaking against.</p> - -<p>the fourteen year old? fourteen is an age of consent in various parts of the world, and it is a natural stage in life for sexual exploration. should someone post their nudes on the internet -- probably not, because they might regret it later, but this is true for any aged person, right? I'm sure some twenty- and thirty-somethings have regretted drunkenly posting sexual depictments of themselves for everyone to see. to sum up, I don't see why this should be up for legislation to decide. children should be educated on what is okay and not okay to post online instead, and they need to learn to think for themselves.</p> - -<p>the rape scene? this is <strong>not okay</strong>. this is what people need to focus on when they are advocating for humane reform. it is a very real issue and many people, children and adults alike, are involuntarily involved in the sex trade every day, with little to no hope of escaping this life. <em>this</em> should be what I see when I hear people speaking against child abuse. with enough care, these injustices can be corrected, and police may work together so that the criminals responsible may be punished (by death, as far as I care). that way, we are <em>objectively</em> making the world a more humane place, and we aren't only satisfying people who hold subjectively-moral beliefs. you as an individual are welcome to have your own beliefs, but please focus on concrete efforts to stop unjust activity in the world.</p> - -<p>I don't typically like to be involved in political discussion, but this issue has been concerning me for a while, and people genuinely believe I am a paedophile due to my <q>liberal</q> opinions of paedophilia and lolicon. as I have said, my issue is about the different classifications of crimes against children versus those against adults. crime is crime, no matter the victim.</p> - </div> - </content> - </entry> - <entry> - <title>trying new software</title> - <link href="/blog/trying-new-software.xht" rel="alternate" type="application/xhtml+xml" /> - <id>/blog/trying-new-software.xht</id> - <published>2018-02-11T12:01:13+0000</published> - <updated>2018-02-11T12:01:13+0000</updated> - <author><name>opal hart</name></author> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> -<p>I haven't been motivated to write anything lately, but I guess I can give an update on what software I am currently trying or going to try:</p> - -<ul> -<li>neovim, to replace vim. I chose it because the codebase and development is supposed to be cleaner and less dependent on one person pulling in patches. liking it so far; it also has a few small features I've been looking for in vim, namely the ability to resize panes using mouse. this may have already been possible in vim but it has never worked for me.</li> -<li>neomutt, saw it when I was looking up mutt and chose it because it offers some plugins built-in. once I configure it I may replace seamonkey with that and a different internet browser. first issue I see with mutt/neomutt is lack of mouse support, but I'll still play with it for a while.</li> -<li>sway (wayland compositor). I haven't really had a chance to try this yet but I want to see how well wayland works, and I may switch to it from X.</li> -<li>ConnMan, to replace NetworkManager. it's definitely light and apparently it supports USB tethering and bluetooth PAN, so I'll give it a shot.</li> -</ul> - -<p>I also downloaded some ISOs to play with in qemu:</p> - -<ul> -<li>Void Linux -- haven't run it yet</li> -<li>TempleOS -- tried it, it works but the 100% sound volume scared me</li> -<li>ReactOS -- it won't boot properly; I'll have to look at the error again</li> -<li>Gentoo -- I used this briefly years ago but haven't accustomed myself to it at all. I want to install it with musl and busybox, possibly also a hardened profile.</li> -<li>Plan 9 -- haven't run it yet</li> -</ul> - -<p>aside from that, I had a very spiritual dream last night so I have decided to keep a dream/meditation log now. I used to keep a dream log years ago but stopped due to lack of interest. hopefully I keep my interest this time, because I feel I may be able to learn some things from my experiences. if I make any notable discoveries I may write about them here.</p> - </div> - </content> - </entry> -</feed> diff --git a/out/blog/guess-im-done-with-discord.xht b/out/blog/guess-im-done-with-discord.xht @@ -1,170 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>guess I'm done with Discord – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="guess-I%27m-done-with-Discord">guess I'm done with Discord</h1> - -<time datetime='2019-08-15T23:57:49+0000' title='2019-08-15T23:57:49+0000'>2019 Aug 15</time> - -<p>I'll let the E-mail ticket do most of the talking:</p> - -<blockquote> - <p>Hi,</p> - -<p>Today I received a prompt to verify my account with a phone number [1], -which is the first time I have ever encountered this message in the -entire time I've had my account (created 2017 Jan 09 according to my -password manager). My account opal#6614 has a verified E-mail address -(the one I'm sending this message from) and two-factor authentication. -As I have mentioned in a prior support request, I use Tor to access -Discord, both on my desktop and my phone.</p> - -<p>I refuse to provide phone verification as I believe it is Discord's -fault for flagging my account even though I've never had an issue -following terms of service. I do not spam, I do not upload content -against terms of service (even though I disagree with the list of -banned content), and I have never used this or other accounts to evade -bans or other limitations. The reCAPTCHA upon login was insulting -enough, and now being asked for a phone number is an even bigger spit -in my face. The only thing I can think of that may have triggered -Discord's crappy anti-spam detection, is the invite I sent to a user -for my newly-created guild. That, and the fact I just so happen to be -using Tor when sending the invite. Because, everything else about the -invite was fine: I have been friends with the user I invited, and I did -not spam the user (or any other users for that matter) whatsoever.</p> - -<p>Please make it so: -1. Discord's anti-spam isn't so anal, -2. my account (and other accounts in good standing and with proper 2FA) -is exempt from such checks, and -3. I don't have to solve a Google reCAPTCHA for an account I have taken -every step to protect against bruteforcing. Using Tor is not a crime; -don't treat it as such.</p> - -<p>I'm tired of Discord's attitude toward things like this and I'll sooner -abandon my account and uninstall the app if I am unable to access my -account. I will recommend all my friends to migrate to a more suitable -platform if this continues, too. I am not part of Discord Hype Squad -for very good reason; Discord has shown to be hostile toward FOSS and -privacy for a while now.</p> - -<p>[1]&lt;<a href="https://pl.wowana.me/media/0bf9e6e5cb428f89596e9d217f281d4f054895c85a3450a5b7fb2d876e8f6bc1.png">https://pl.wowana.me/media/0bf9e6e5cb428f89596e9d217f281d4f054895c85a3450a5b7fb2d876e8f6bc1.png</a>></p> - -<p>Thanks,</p> - -<p>wowaname &lt;<a href="https://wowana.me/pgp.xht">https://wowana.me/pgp.xht</a>></p> -</blockquote> - -<p>reply:</p> - -<blockquote> - <p>Hi opal,</p> - -<p>Thanks for reaching out!</p> - -<p>Sorry to hear that you're walled out of your account. I just checked with my team, and upon review of your account, it appears that our system's detection system has triggered successfully and we will not be removing the phone verification requirement on your account, and you'll be required to register a phone number to your Discord account in order to continue the use of it.</p> - -<p>It's possible that our system detected that you were using a VPN or proxy that was shared with other bad actors, which is why our system flagged your account. However, for privacy reasons, we're not able to share the specifics of the inner workings of our system.</p> - -<p>I understand that you put privacy above all else, however, we won't be able to remove the phone verification prompt and you really need to use a phone number to get back into the account. Just a heads up, if you're currently using a VOIP or landline number, unfortunately, VOIP and landlines are not compatible with our verification system.</p> - -<p>Otherwise, if you have recently attempted to verify this number already, our system will put a timeout on a number from being used again for anti-abuse purposes, and unfortunately, you will need to wait for the end of the timeout to use the number once more or use a different number to verify the account. Sadly, because the system automatically detects and generates a timeout period when a phone number has been used multiple times to verify an account, there is no exact ETA for when the number will be able to used to verify another account.</p> - -<p>If that's not the case, let me know what number you're trying to register and I'll be more than happy to double check in our system.</p> - -<p>Best, -Devemer</p> -</blockquote> - -<p>my reply:</p> - -<blockquote> - <blockquote> - <p>upon review of your account, it appears that our system's detection -system has triggered successfully and we will not be removing the -phone verification requirement on your account, and you'll be required -to register a phone number to your Discord account in order to -continue the use of it.</p> - -<p>It's possible that our system detected that you were using a VPN or -proxy that was shared with other bad actors, which is why our system -flagged your account. However, for privacy reasons, we're not able to -share the specifics of the inner workings of our system. </p> -</blockquote> - -<p>I've been accessing Discord with Tor just fine for several months now. -How in the hell is my account suddenly a threat to Discord?</p> - -<blockquote> - <p>I understand that you put privacy above all else, however </p> -</blockquote> - -<p>No, you don't understand. I will <em>not</em> give any phone number for -verification. I am treated like an abuser of the Discord service, I am -singled out for my use of Tor. I take this personally. If Discord blocks -Tor, then clearly you do not want to see me as a user. I will do my best -to find an alternate platform with a user interface my friends and other -peers are comfortable with. Discord has never held a monopoly over chat -and voice, and it never will. An alarming amount of your userbase is -vocally unhappy with Discord just as I am, as I have noted from many -conversations across several guilds.</p> - -<p>I've enabled 2FA, I rotate my passwords at least once a year, I do not -engage in password reuse, I choose strong passphrases, I verified my -E-mail. Discord will not bully me into solving reCAPTCHAs as free labour -for Google, nor will it bully me into providing a phone number. If you -or any other representative/specialist will not override this asinine -"detection system" despite this abundant evidence that I am not a bad -actor, then it's simple, I will leave Discord. I've tolerated all of -Discord's other shortcomings without much protest, but I will not stoop -any lower to remain on the platform.</p> - -<p>Unless you can refer me to someone who can look into this given the -<em>context</em> of my account, this will be my last reply. I will be making -this message thread public, in the interest of other current and -potential Discord users.</p> - -</blockquote> - -<hr /> - -<p>in a nutshell, unless Discord has a change of heart and allows me access -to my account, I will cease to use its service. chances seem slim, -though, especially considering they shot down my suggestion to remove -reCAPTCHA puzzles from the login form, even when 2FA is active on the -account in question.</p> - -<p>I will be communicating with a couple communities with which I'm -involved to explain that I am unable to use Discord, and with any luck, -we can explore user-friendly alternatives together.</p> -</main> - </body> -</html> diff --git a/out/blog/index.xht b/out/blog/index.xht @@ -1,60 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>blog – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="blog">blog</h1> - -<p><a href="/blog/feed.atom">atom feed</a></p> - -<ul> -<li><a href="living-without-discord.xht">living without Discord</a> <em>last updated <time datetime='2019-09-20T15:16:53-00:00' title='2019-09-20T15:16:53-00:00'>2019 Sep 20</time></em></li> -<li><a href="guess-im-done-with-discord.xht">guess I'm done with Discord</a> <em>last updated <time datetime='2019-08-29T09:57:38-00:00' title='2019-08-29T09:57:38-00:00'>2019 Aug 29</time></em></li> -<li><a href="federated-social-networking.xht">federated social networking</a> <em>last updated <time datetime='2019-08-29T09:41:55-00:00' title='2019-08-29T09:41:55-00:00'>2019 Aug 29</time></em></li> -<li><a href="staying-safe-online.xht">staying safe online</a> <em>last updated <time datetime='2019-08-24T00:15:20-00:00' title='2019-08-24T00:15:20-00:00'>2019 Aug 24</time></em></li> -<li><a href="why-program-efficiency-and-usability-matters.xht">why program efficiency [and usability] matters</a> <em>last updated <time datetime='2019-06-05T03:41:13-00:00' title='2019-06-05T03:41:13-00:00'>2019 Jun 05</time></em></li> -<li><a href="wowaname-now-on-git-and-hosted-on-my-laptop.xht">wowana.me now on git (and hosted on my laptop)</a> <em>last updated <time datetime='2019-06-05T03:15:47-00:00' title='2019-06-05T03:15:47-00:00'>2019 Jun 05</time></em></li> -<li><a href="a-new-era-for-hidden-answers.xht">a new era for Hidden Answers</a> <em>last updated <time datetime='2019-05-11T03:38:03-00:00' title='2019-05-11T03:38:03-00:00'>2019 May 11</time></em></li> -<li><a href="a-musing-on-sharing-and-receiving-opinions.xht">a musing on sharing and receiving opinions</a> <em>last updated <time datetime='2018-09-24T11:40:36-00:00' title='2018-09-24T11:40:36-00:00'>2018 Sep 24</time></em></li> -<li><a href="acme-client-letskencrypt-dns-01-how-to.xht">acme-client (letskencrypt) dns-01 how-to</a> <em>last updated <time datetime='2018-09-21T16:45:46-00:00' title='2018-09-21T16:45:46-00:00'>2018 Sep 21</time></em></li> -<li><a href="my-and-your-pgp-habits-could-be-better.xht">my (and your) PGP habits could be better</a> <em>last updated <time datetime='2018-07-15T02:11:20-00:00' title='2018-07-15T02:11:20-00:00'>2018 Jul 15</time></em></li> -<li><a href="why-i-no-longer-use-github.xht">why I no longer use GitHub</a> <em>last updated <time datetime='2018-06-21T13:32:04-00:00' title='2018-06-21T13:32:04-00:00'>2018 Jun 21</time></em></li> -<li><a href="the-grey-area-of-paedophilia.xht">the grey area of paedophilia</a> <em>last updated <time datetime='2018-04-28T20:38:43-00:00' title='2018-04-28T20:38:43-00:00'>2018 Apr 28</time></em></li> -<li><a href="site-update.xht">site update</a> <em>last updated <time datetime='2018-03-27T01:30:09-00:00' title='2018-03-27T01:30:09-00:00'>2018 Mar 27</time></em></li> -<li><a href="paving-the-road-for-the-future-of-technology.xht">paving the road for the future of technology</a> <em>last updated <time datetime='2018-03-27T01:23:17-00:00' title='2018-03-27T01:23:17-00:00'>2018 Mar 27</time></em></li> -<li><a href="chen-hosting-goals-and-difficulties.xht">Chen Hosting goals and difficulties</a> <em>last updated <time datetime='2018-03-05T04:29:31-00:00' title='2018-03-05T04:29:31-00:00'>2018 Mar 05</time></em></li> -<li><a href="trying-new-software.xht">trying new software</a> <em>last updated <time datetime='2018-02-11T12:01:13-00:00' title='2018-02-11T12:01:13-00:00'>2018 Feb 11</time></em></li> -<li><a href="learning-how-to-learn.xht">"Learning how to learn"</a> <em>last updated <time datetime='2018-01-23T18:42:19-00:00' title='2018-01-23T18:42:19-00:00'>2018 Jan 23</time></em></li> -<li><a href="are-passwords-the-right-solution.xht">are passwords the right solution?</a> <em>last updated <time datetime='2018-01-09T10:51:38-00:00' title='2018-01-09T10:51:38-00:00'>2018 Jan 09</time></em></li> -<li><a href="testing-patches-made-to-bashblog-script.xht">testing patches made to bashblog script</a> <em>last updated <time datetime='2017-12-21T21:08:11-00:00' title='2017-12-21T21:08:11-00:00'>2017 Dec 21</time></em></li> -</ul> -</main> - </body> -</html> diff --git a/out/blog/learning-how-to-learn.xht b/out/blog/learning-how-to-learn.xht @@ -1,72 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>"Learning how to learn" – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="%22Learning-how-to-learn%22">"Learning how to learn"</h1> - -<time datetime='2018-01-23T18:42:19+0000' title='2018-01-23T18:42:19+0000'>2018 Jan 23</time> - -<p>here's a verbatim essay I wrote in response to the common misconceptions held by many Tor users and <q>privacy freaks</q>:</p> - -<blockquote> - <p>You probably see advice published everywhere – guides and tutorials and lessons. People who claim to have your best interests at heart. Many people do, but at the same time many people don't. And even the people who do can make mistakes. If you don't do so already, you need to learn how to think like a scientist: always sceptical, but never driven by fear. Being able to think for yourself, weighing all information you come across for validity, is a necessary asset that people seem to overlook in their quest toward activism.</p> - -<h2 id="Know-what-you%27re-using">Know what you're using</h2> - -<p>You installed Tor because it's nice and secure. Do you know exactly how it works though? Do you know what happens if you use it wrong?</p> - -<p>I see these technologies get thrown around all the time in privacy-related conversation: Tor, VPN, PGP, Tails. And for the aspiring hackers, Kali comes up quite often. All these things are fine, but people discover them more out of haphazard curiosity than anything. They know what these things are, they know that others tell them to use these things, but they don't often know why people talk about them so much.</p> - -<p>Read up about these subjects. You don't have to do an entire research debacle on them, but you should be able to summarise to yourself what everything does and why it works. Wikipedia is a great resource; it's concise and you can always branch out to learn more if you're interested. Once you know exactly what these technologies were made for, you will be able to utilise them intelligently.</p> - -<p>I can summarise up a few common misconceptions: Tor's primary purpose is to provide a secure proxy to the Web, while I2P's is to provide an anonymous network that replaces the Web. A commercial VPN is for privacy, while Tor is for anonymity (this article explains their differences nicely).</p> - -<p>Tails and Kali are simply customised Linux distributions (these two happen to be Debian-based), meaning that I could take Arch Linux (or your favourite distro) and replicate the functionality of either, after I take the time to configure it to my liking. The reason people use Tails, Whonix, or Kali is because they trust the developers to make a system that meets their needs, and they are incapable or unwilling to configure their own system. Ultimately, the choice of operating system is up to you; there is no "best" operating system, so try various systems out until you find your match.</p> - -<h2 id="Be-sceptical">Be sceptical</h2> - -<p>Don't believe everything you see. Professionals make mistakes, amateurs make mistakes, you and I make mistakes. Even with these guides, you should use your own judgment and filter out what seems logical. I wrote this in hopes that I was making sense, in hopes that my logic was sound and worth reading. But, I can always miss important things, and I'm here to learn just as everyone else is. After reading anything, you should cross-reference with other information if you're unsure about certain points, and ultimately you should test the information against your own knowledge to see if it fits in with what you believe.</p> - -<p>Knowledge evolves; people go to sleep believing in one cause, only to wake up believing in something else. The best any of us can do is follow what our heart says, keep our wits about us, and hope that our current beliefs will lead us on a better path.</p> - -<h2 id="Lead-effectively">Lead effectively</h2> - -<p>A good leader shows power by being motivated and experienced, not by being deceptive and forceful. You gain followers by relating with them, by sharing common core values, and by educating them. People should follow you because it is their decision to do so, because they actually wish to listen to you. If someone leaves you, do not try to pull them back; it only means that they felt your group was not the best fit in terms of ideals, goals, or methods. If everyone leaves you, you may want to ask why and adjust your actions based on the response. Leaders are people too, and they're bound to make mistakes, but a good leader (and a well-formed group) can recover from these mistakes quickly and easily.</p> - -<p>With that said, leadership is bound to change. It's natural, it's seamless (in a mature group, people just know who's "in charge" simply by the way they present themselves in the group), and it fosters new ideas and a different way of approaching issues. When starting a group, don't worry about who's head; that will come naturally and by consensus. Just focus on what you, as a group, need to do, and take everyone's opinions and suggestions into account. There should be an equal level of trust placed on all group members, and if the group simply cannot trust someone then it should make a decision on whether removing the person from the group is the best move. Feelings may be hurt, but a good group is resilient to this sort of friction. The group will carry on its business and wait for the conflict to pass.</p> - -<p>Most importantly, never trust someone solely because they are a figurehead. There is a strong difference between a figurehead and a true leader, and more often than not, people will grow to oppose a figurehead once they begin learning the truth about him. A figurehead is usually defaulted into power – either by status or by money or heritage. In contrast, a leader starts out as an equal and is brought into high esteem by his peers. Both leaders and figureheads are influential, but figureheads will hardly have your best interests at heart. Figureheads will do what they need to retain power, and they will trick others into believing whatever they have to say. They rely on the power of emotion in order to convince others that certain views are correct. And once they have a following, they can dispatch whatever lies they wish, knowing that their followers will eagerly eat it up.</p> - -<p>If you think this part sounds a bit overreactionary, I apologise, but I have seen this cult-like pattern in quite a few groups, namely the social justice movement. Everyone in the movement is bound together by a common emotional appeal: they are all minorities (real or imagined) and they seek safety in their circle by rejecting outsiders and playing the role of a victim. This is a toxic, spiraling attitude that only strengthens the power of the group, and the worst part is, people who seek acceptance see this movement and think they are doing the "right thing" by promoting minorities. So, they join in, finally feeling a sense of acceptance, and they learn from others in the movement that the patriarchy is the cause of all suffering in the world. A logical person would dismiss this claim and assign the blame to real issues (sexism and racism are issues, but not in the ways that the social justice movement claims), but once you have given someone hope and reassurance, you can make them believe whatever you wish.</p> -</blockquote> -</main> - </body> -</html> diff --git a/out/blog/living-without-discord.xht b/out/blog/living-without-discord.xht @@ -1,247 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>living without Discord – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="living-without-Discord">living without Discord</h1> - -<time datetime='2019-09-20T14:55:27+0000' title='2019-09-20T14:55:27+0000'>2019 Sep 20</time> - -<p>(okay, it's easy, and I've done it before. but since the E-mail thread -on the matter generated a lot of attention, I figured it was appropriate -to give some context in more of a prose format, as well as what I have -done to remain as a member in some communities in which I participate.)</p> - -<p>a quick chronological recap of my Discord usage:</p> - -<ul> -<li><strong><time datetime="2017-01-09">2017 Jan 09</time></strong>: I create a new -account on Discord, after having left it for a while due to being fed -up with the guilds I joined at the time. they were communities around -a video game I play, Agario, and quickly I figured out that I would -much rather play the game than get into drama within specific player -groups. by 2017 I was using Discord mostly to keep up with Twitch -communities and a variety of other video games, software projects (why -they choose Discord for their projects is beyond me), and various -communities.</li> -<li><p><strong><time datetime="2018-07-01">2018 Jul 01</time></strong>: I E-mail Discord -support because I started receiving reCAPTCHAs upon login, not for -Tor, but for using my VPS' IP address which has never been a vector -for abusive traffic nor has been blacklisted during my ownership of -the address:</p> - -<blockquote> - <p>Today I set up TOTP two-factor authentication for Discord, hoping I -could remove the E-mail confirmation and the reCAPTCHA for login. I had -to switch to a VPN IP address just now because my ISP has been unable -to resolve certain websites lately, including Discord, and so the -reCAPTCHA is giving me trouble and asking me to fill in a LOT of -captchas even though I'm sure I'm getting them right. I assume the IP -address I'm currently using is "high risk" in Google's database, but I -can't really help it.</p> - -<p>I don't have all night to fill these out just to check up on the chats -I'm in, so can you please care to explain why this extra step is -necessary for an otherwise-protected account? Other sites such as -NameCheap let me bypass CAPTCHA check if I set up two-factor.</p> -</blockquote> - -<p>Discord's response stated, <q>Right now, enabling 2FA on your account -will help you bypass the change in IP address emails for Discord, -however if we suspect suspicious activity you could still be flagged -with a Captcha.</q> I can't fairly say that I was ever suspect for -<q>suspicious activity</q> but regardless, Discord said they would -<q>pass [my] idea</q> along. to this day, it seems their login -mechanism has been untouched.</p></li> -<li><p><strong><time datetime="2018-10-04">2018 Oct 04</time></strong>: yet another -reCAPTCHA incident:</p> - -<blockquote> - <p>I want to use Firefox to access Discord now, but the reCAPTCHA is -endless and keeps telling me I have failed and that my browser is -sending automated queries. It continues to do this even if I allow all -cookies and scripts on the page (I use an addon to whitelist these for -security), and even if I disable any proxies and use my real IP -address. Audio reCAPTCHA tells me I need to try again later as well -(which seems unfair to blind users). As I have stated before, I have -two-factor authentication which should be enough to let me log in.</p> -</blockquote> - -<p>Discord would not waive their CAPTCHA requirement even still, and I -had to work around by <q>[l]ogging in from another browser, logging -out, and then logging in from Firefox</q>. as you can hopefully see by -now, I have a lot of problems simply with their login process, even -before my full use of Tor on the site.</p></li> -<li><p><strong><time datetime="2019-08-15">2019 Aug 15</time></strong>: after a long -period of Tor usage, working around the CAPTCHA issues by simply -waiting not to be served one upon login (and then proceeding <em>never</em> -to clear Discord cookies) I invite a user on my <q>friends</q> list to -a guild I had just created. almost instantly, this triggered a phone -verification prompt, which I could not bypass by using the mobile app -or another browser, even without Tor. this was not the first invite -I've sent to someone in my Discord contacts with Tor. the only -difference I can see is that my guild was less than a week old, but it -already had a few members from a public invite I sent in another -channel.</p> - -<p>you can see that E-mail exchange in <a href="/blog/guess-im-done-with-discord.xht" title="guess I'm done with Discord">my previous post</a>.</p></li> -<li><strong><time datetime="2019-08-16">2019 Aug 16</time></strong>: at least Discord -is a step above many other companies, letting me delete my account -without having login access to it. I was able to initiate the deletion -process over a support E-mail, and two weeks later, the account has -officially been deleted. people on Discord have confirmed that my -account has disappeared from the user listings.</li> -<li><strong>now</strong>: I am able to participate in certain guilds without the need -for a Discord account. I'll explain below.</li> -</ul> - -<hr /> - -<p>the E-mail exchange between me and Discord ended up on <a href="https://news.ycombinator.com/item?id=20789799">Hacker News</a> -to which it received a lot of attention, including that of a Discord -developer who claims that <q>code [his] team wrote caused [my] account -to be locked.</q> some misconceptions surfaced that I would like to -address:</p> - -<ul> -<li>yes, the tone for my E-mails was very blunt. I never degenerate to -this stage unless I am repeatedly dealing with someone's issues. it -seems to be the only way people will listen sometimes. I know E-mail -etiquette but I will not pretend to be something I am not, no matter -the medium. I am aware that customer service representatives have to -deal with a lot of shit on a regular basis, which is why I never gear -my frustrations to the representatives themselves, but instead to the -company they represent (except in some odd cases where the -representative is legitimately braindead, which hasn't been the case -for Discord).</li> -<li>some (now dead/flagged) comments suggested the usual: that I was a -criminal for using Tor, that I should use a VPN, that I was attacking -Discord even though I believe my initial blog post on the matter was -impartial, that Tor traffic somehow happened to kill their parents and -rape their kids, et cetera. I commented in the discussion already, -that I use Tor to encourage privacy awareness on the Internet. it's -less out of my own necessity for privacy (I use a normal Web browser -configured with a proxy and whatever privacy/security/anti-nuisance -tweaks I wished to include, rather than opting for Tor Browser. I -would still suggest Tor Browser for near-absolute anonymity at the -software level) and more to prove a point that yes, Tor is usable on -the Web, and yes, there is legitimate Tor traffic, especially from -censored countries and ISPs. the fact that Tor also attracts nefarious -usage is unfortunate yet unavoidable. people <em>need</em> to find other ways -of addressing issues inherent with the Internet.</li> -<li><p>the Discord employee himself suggested I purchase a burner phone for -the purpose of verifying my account. does anyone else find this -absurd? I didn't make a direct reply to him because I honestly was -getting tired of following the HN discussion, but it's odd that -developers know of ways around supplying a <q>legitimate</q> phone -number and not only don't see them as an issue, but also actively -encourage such practices.</p> - -<p>simply put, I will not pay any amount of money either directly or -indirectly for Discord. phone verification should never be a -requirement, either, since there are still people who only have -landlines (which Discord's partner Twilio does not support) or who -don't have a phone at all. and then there are the class of people who -only need/want VoIP, which as I stated in another comment, I would -eventually drop my cellular provider in favour of setting up a VoIP -phone, and then just prepaying for a data SIM, using Wi-Fi most of the -time. I believe this to be more cost-effective considering I want to -go all-out on my home Internet when I'm able to live on my own, and -given that the USA doesn't have a good choice of telcos, I can also -avoid financing those companies.</p></li> -</ul> - -<p>it isn't all bad, though. many people expressed agreement with me, -stating such things as:</p> - -<ul> -<li>while I hadn't paid for the service, it wouldn't have made a -difference even if I had paid e.g. for Nitro. others have complained -that Nitro subscribers do not receive elevated customer service. one -person stated that my mere presence on Discord helped to make it a -more viable product (however small my individual impact) and in that -way, I was actually <q>paying</q> Discord simply by using it and -strengthening its network effect.</li> -<li>Twilio's phone database is too poor and outdated to be viable for -verification, false-flagging users' phone numbers as VoIP when this is -not the case. chalk up another one for <q>phone verification is -awful</q>.</li> -<li>my tone in the support ticket was actually warranted (I was a bit -surprised to hear others side with me on this).</li> -<li>various assertions that Discord doesn't care about its userbase, that -reCAPTCHA is broken, … you know, painfully obvious things that some -people simply live with rather than avoid them. it's understandable; I -chose my own battles, and I will continue to use the Web in the manner -that I do, just to prove a point that it is possible to take the Web -back into my own hands.</li> -</ul> - -<hr /> - -<p>shortly after I requested deletion of my Discord account, I had set up -<a href="https://github.com/matrix-org/synapse">Synapse</a> for the <a href="https://matrix.org/">Matrix</a> chat protocol, where my public instance -now resides at <a href="https://matrix.volatile.bz/">https://matrix.volatile.bz/</a>. but before you make an -account on there, be warned that I provide zero guarantees for usability -or uptime. while I personally do use it, I am looking into an -alternative which would hopefully not use up so many resources and would -be more performant. so far, most (or, more accurately, all) of the -Matrix ecosystem is in a state of heavy development. personally I have -little faith in Matrix's long-term success, but at least there are -plenty of ways to bridge different other chat networks together, -including Discord.</p> - -<p>since I could not generate an API key for Discord (I'd have to ask -someone to do this on my behalf) and I simply did not want to run the -<a href="https://github.com/Half-Shot/matrix-appservice-discord" title="matrix-appservice-discord">node.js bridging software</a> due to fear of -running into issues with my already-limited resources, I settled for -<a href="https://t2bot.io/discord/">t2bot</a>, a public bridging service that bridges Telegram and Slack in -addition to Discord. sure, there are some issues with relation to -latency, but I believe this is justified by not having to hassle with -running the software myself. and for that I thank TravisR for offering -such a service. (you can <a href="https://t2bot.io/donations/">donate</a> to keep his -service alive if you wish.)</p> - -<p>this bridge now operates for the <a href="https://battlepedia.org/">BFBB Modding</a> guild, a community -dedicated to dissecting and making mods for the 2003 console game -<em>SpongeBob SquarePants: Battle for Bikini Bottom</em>, a game I loved as a -kid and would never have expected such a following to this day; as well -as a small general chat guild for another community that disbanded -recently. I was a moderator in the BFBB guild due to my efforts for -hosting the game's wiki, and an administrator in the latter guild, which -incidentally had to be recreated because I could no longer transfer -ownership to another member. a third guild related to Minecraft -advertised their Matrix bridge to me, so I am joined there as well. I am -not sure whether the bridge existed already or if my departure from -Discord prompted them to set up a bridge; in any case, it's cool that -some other people see eye-to-eye with the issues Discord introduces to -free, open chat.</p> -</main> - </body> -</html> diff --git a/out/blog/my-and-your-pgp-habits-could-be-better.xht b/out/blog/my-and-your-pgp-habits-could-be-better.xht @@ -1,66 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>my (and your) PGP habits could be better – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="my-%28and-your%29-PGP-habits-could-be-better">my (and your) PGP habits could be better</h1> - -<time datetime='2018-07-15T02:11:20+0000' title='2018-07-15T02:11:20+0000'>2018 Jul 15</time> - -<p>I am an opportunistic PGP user, and I've used PGP for quite some time. if you encrypt mail to me, I'll encrypt back. if a download has a signature, I'll check it. I sign every one of my blog posts automatically, thanks to some dirty hacks to <a href="https://github.com/cfenollosa/bashblog">bashblog</a>.</p> - -<p>what's the issue then? well, I don't always do it religiously. I used to have a proper canary, but I abandoned it because it was a hassle on my end and I was afraid that nobody checked it anyway (I was wrong, one person actually did check it). that's why I have switched to blogging, which is sort of a more natural medium to sign and doesn't require me to go as out of my way to update (and even then, I have been slacking on my blog really hard).</p> - -<p>there are some other issues with my current use of PGP. check to see if the following also applies to you:</p> - -<ul> -<li><a href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">creating a perfect keypair?</a> forget it. I don't have an airgapped device to do this safely. and even if I settled for a special removable medium, I used to have some trouble importing my stripped keypair into <a href="https://openkeychain.org/">OpenKeychain</a>. not to mention, the GnuPG utility – or any utility, for that matter – doesn't really have first-class support for this kind of scenario. there are a lot of issues with PGP's user experience, and I'll go into more detail with those later.</li> -<li>confirming trust of keys by signing them? signing keys and publishing my signatures to keyservers? it's difficult for me to remember to do this. so far, I'm pretty sure I have signed fewer than a dozen other people's keys.</li> -<li>confirming keys in general? I do basic checking, but I don't know how much is enough.</li> -<li>maintaining my key properly? who knows, honestly. I have not had a religious policy for subkey creation, deletion, and renewal. nor do I really know what is the <q>optimal</q> practice for maintaining my key.</li> -<li>refreshing and maintaining my keyring? a while ago, I found <a href="https://riseup.net/en/security/message-security/openpgp/best-practices#refresh-your-keys-slowly-and-one-at-a-time">a safer way to do this</a> but I have never ended up using it. furthermore, I have made very little effort to remove invalid keys from my keyring.</li> -</ul> - -<p>here are some issues I have seen with others' use as well as when I have been trying to use PGP with others:</p> - -<ul> -<li>first off, this is really on my side: I use elliptic-curve subkeys for signing and encryption, but I also have RSA 4096 subkeys when communicating with older PGP implementations. there are a few issues I have run into with this, such as not really knowing which subkeys I'm using since I let programs handle this automatically, as well as possible delivery errors because my recipient has no support for ECC algorithms. it's all very opaque to me and I tend to dismiss errors as <q>their issue, not mine</q> while in hindsight that might not have actually been the case.</li> -<li>I have seen many people, especially on Tor, try to be smart and reveal as little detail about them in their key metadata. this is straight-up <em>the wrong way to use PGP</em> especially over E-mail. your address <em>is not</em> <code>asdasdfsdf@asdf.asd</code>, stop making your key more difficult to use. create separate keys for separate purposes and use them appropriately.</li> -<li>since there is no <q>right way</q> of using PGP, we end up with people using all kinds of algorithms, all kinds of expiry policies, all kinds of renewal policies. some people properly renew their keys, others create new keys to replace the old ones (and I was guilty of this). some people's keys expire never, others' expire next week. I know some of this is a personal threat model consideration, but still, I believe too many people set unrealistic, unsafe expiries on their keys.</li> -</ul> - -<p>and lastly, usability and interface issues. it feels like XMPP all over again, what with all the different clients and none of them implementing the full standard in a correct and easy-to-use manner. there are practically no full-featured GUI frontends for PGP, and the GnuPG commandline implementation discourages newbies (and even people like me) from figuring out how to correctly maintain personal keypairs and a full keyring. I use keys for different purposes (some for E-mail, others for download signing) and it isn't immediately obvious that I could probably have two or more keyrings for that. also, is it possible to attach metadata to PGP keys (such as your XMPP account, website, or anything else that could possibly help verify people)? if it's possible, I surely don't know how to do it, nor do I know where I can search for more information.</p> - -<p>so, my suboptimal use of PGP is everyone's fault. and if you use PGP, you're probably using it suboptimally as well. I don't want to bash PGP outright for being a poor standard – I mean, come on, it has been around for decades, and it's still suggested by security professionals. but over those decades, <em>very little</em> has been done to change the state of affairs, and it's so easy to use it wrong.</p> - -<p>as always, I accept E-mail replies to my posts, but I especially want to hear readers' thoughts on this. I want to gauge how others use PGP, and I want to see what others believe should be the <q>correct</q> way of using it.</p> -</main> - </body> -</html> diff --git a/out/blog/paving-the-road-for-the-future-of-technology.xht b/out/blog/paving-the-road-for-the-future-of-technology.xht @@ -1,57 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>paving the road for the future of technology – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="paving-the-road-for-the-future-of-technology">paving the road for the future of technology</h1> - -<time datetime='2018-03-27T01:23:17+0000' title='2018-03-27T01:23:17+0000'>2018 Mar 27</time> - -<p>when computing first became a real thing, they were mainly geared toward big business, education, government, and science. networks were groups of trusted entities, there was less need for security or future-proofing, because nobody had anticipated that this technology would become for personal use in the future. early computing and programming pioneers were passionate about their work; software and hardware were built durably because it was still only a niche market, and everyone in the market cared deeply about quality.</p> - -<p>now, the tide has shifted and with the advent of personal computers and mobile/IoT technologies, both sides of the equation have weakened: the target market has adopted a consumer approach to technology, and the developers have followed suit. there is no push for developers to cater to quality; there is high demand for cheap labour in these fields. small businesses remain insecure, large businesses can get away with opaque policies and planned obsolescence, and decent software and ideas become overlooked for a few reasons: the creators of good software normally work under the mantra of FOSS, they normally work as a hobby in their own free time, and they do not attract much of a following for one big reason: choice.</p> - -<p>give a user a choice between security and ease of use: they'll choose ease of use. give them elegant code or elegant UI, they'll choose UI. it is therefore the <em>developer's responsibility</em> to give users the easy UI/UX they desire <em>as well as</em> the security and elegance they need. some big players like Google understand the value of security (others such as Equifax, maybe not so much, sadly) but they still cut corners with regard to privacy and quality in an effort to take the easy route. because the fact still stands, users have a mentality that <q>anything bad won't happen to me</q> or <q>I have no information that anyone cares to utilise, therefore I must be safe</q> -- they will not do any more than is required to access their services and move on with their life. because of this, it is the developer's responsibility to set a precedence and to give users only one choice.</p> - -<p>I believe that all big businesses can invest enough to improve hardware and software quality; to improve security practices; to approach newer, saner standards that match the growing demands of the twenty-first century. it is a shame that thousand-dollar smartphones are not physically worth a thousand dollars, aside from the brand esteem these products have developed. it is sad that phones are not able to last as long as most cars or computers, or to last half as long as houses; they are seen as disposable technologies that are not built to last. it is sad that people cut corners for safety even though basic security practices are easy and cheap to implement these days; and more-advanced security would cost a short-term investment but set a future-proof standard for this type of thing.</p> - -<p>a lot of things could be implemented today that would be a bit of a speed bump for companies, but it would be a net improvement both for security and for ease of use. some things I want to see implemented:</p> - -<ul> -<li>public/private key authentication for online services rather than passwords. I have touched on this previously and I will say it again because I believe in it so much. users would not have to remember passwords; their software could automatically generate the necessary keys and provide a simple <q>log in</q> button (or fingerprint TFA, something that requires an extra step of authentication but is easy to use), and the software could tell the user to periodically back up these account databases to a flash drive or some other medium.</li> -<li>client-side encryption. we're already increasingly seeing this in some messaging platforms. Google Chrome and Chromium do this for browser setting synchronisation. MEGA.nz does this for file uploads and downloads. it needs to be extended to cloud file storage: your files are tied to your account login, only you (or friends, or people with the link, if you configure filesharing as such) may decrypt and access the files, and the server only sees an encrypted copy of anything, making passive and active file analysis impossible. I wish to see E-mail headed toward the same direction.</li> -<li>the return of user-serviceable appliances. we invented removable parts ages ago for a reason: it allows for reliable, repairable, inexpensive products and cuts down on wastefulness, since a user will not need to throw away the entire appliance if one part is broken.</li> -<li>user education. people and businesses need to know the consequences of inadequate technology. privacy and security are important to protect against identity theft and money fraud. if you are not using secure and reliable technology, you are putting not only yourself but also your friends at risk.</li> -</ul> - -<p>it's a shame that not everyone is passionate about technology and that most people just want things to work without exploring them, but that's a fact of life. what we <em>don't</em> need is for this attitude to leak into developers' attitudes. security and quality can be easy, maybe with some additional short-term costs, but it's for the better.</p> -</main> - </body> -</html> diff --git a/out/blog/site-update.xht b/out/blog/site-update.xht @@ -1,40 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>site update – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="site-update">site update</h1> - -<time datetime='2018-03-27T01:30:09+0000' title='2018-03-27T01:30:09+0000'>2018 Mar 27</time> - -<p>by the way, you may be curious as to why some of my websites were down this week. something happened to one of my VPSes so I had to reinstall the operating system and set everything back up. the new install is now enjoying Alpine Linux just like all my other boxes.</p> -</main> - </body> -</html> diff --git a/out/blog/staying-safe-online.xht b/out/blog/staying-safe-online.xht @@ -1,141 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>staying safe online – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="staying-safe-online">staying safe online</h1> - -<time datetime='2019-08-24T00:15:20+0000' title='2019-08-24T00:15:20+0000'>2019 Aug 24</time> - -<p>this is an E-mail I typed out and figured it'd be fitting as its own -public post:</p> - -<blockquote> - <p>If you want the closest thing to true anonymity from software -perspective, I'd suggest Tails because it's pre-configured to proxy -everything through Tor. It can be run with a live CD / USB on bare -metal, or it can be used in a virtual machine of the user's choosing -(personally I use qemu for Linux, and I think virt-manager is a GUI -frontend for it, but a lot of people may have heard of VirtualBox -which is cross-platform). Even I use Tails for certain things -although I consider myself to be proficient and able to set up my own -anonymous system; sometimes it isn't worth the trouble when I need to -be sure that my system is safe, though.</p> - -<p>If you want an "everyday setup" where anonymity isn't key, but you -still want security and casual privacy, drop Windows in favour of -Linux, and grab the Tor Browser if you want to browse the Internet -through Tor (not limited to onion websites, which seems to be a -misconception for people "exploring the deep web"). Steam can play a -lot of games in Linux, Wine can run many Windows programs, and as a -last resort, a user can set up a Windows virtual machine or set up -dual-booting (although from my understanding, Windows can fuck with -dualboot partitioning, so this might be an advanced topic. Personally -I don't trust Windows with hardware access at all, anymore). One big -issue (that unfortunately I have to face as well) is NVidia graphics -support in Linux. The best solution to any NVidia issues is to replace -the NVidia GPU with AMD, because AMD ships open-source drivers, or, if -the user doesn't do much gaming then it's likely fine to just use the -integrated graphics from the CPU. It's an unfortunate fact that NVidia -is very anti-consumer; if I had other suggestions you'd bet I would -say, but my friend and I (and many other people) have had nothing but -issues with NVidia.</p> - -<p>For additional safety, no matter whether you use Tor Browser in -Tails, or Tor Browser in Linux, or even a normal browser in Linux -like I do: I strongly suggest disabling JavaScript by default for -sites you don't trust. In Tor Browser, it's as simple as clicking the -NoScript icon in the toolbar to whitelist a website. There was a -NoScript bug found not too long ago that allowed sites to bypass -settings regardless, but this has since been fixed and hopefully -there will not be similar incidents in the future. This is why I -strongly dislike modern Web browsers; they're too big to make sure -that they're entirely bug-free. (I personally use uMatrix instead of -NoScript, because it's much more configurable and can block more than -scripts, but it's probably not best to suggest in a "basic tips" -YouTube video.)</p> - -<p>Like I said in my previous E-mail, a VPN does not help with anonymity -in any way. You can still stick in that sponsorship for PIA if you -make clear it's only to keep users' Internet activity away from -<em>their own ISP</em>, and it gives them a different IP address perhaps in -a different country, if they so choose. This can be useful for -accessing region-locked websites, for instance, or for casual privacy -to prevent other people from finding someone's home IP address. The -VPN can still see and track all users' activity, but my opinions of -PIA aside, I believe from a business standpoint they will be very -careful about what they do with user information. Just know though, -depending on what country a VPN is based in, they might be forced to -comply with requests for user information by law.</p> - -<p>Enough about software; usually people are able to follow along until -it comes to something scary: they aren't safe until they change their -own behaviours as well. I was taught one thing as a kid, practically -every year in school there was a poster or a computer lab teacher -telling us "don't share your personal information with strangers -online". This seems to have been forgotten with the rise of social -platforms that encourage or require users to use their real info, and -it's really sad that things have taken a turn for the worse in this -regard. Even before I knew what Tor was, I never gave people so much as -my name, and to this day, while I did say some dumb shit in my early -teenage years (who hasn't done things before that seem foolish to them -now?) I can at least say I don't regret how I handled my personal -information during all these years. Nowadays, the Internet is a more -hostile place, with more people understanding the power of "big data" -and keen on collecting user information, with all the serious threats -regarding IoT security vulnerabilities (allowing for large-scale DDoS -attacks for cheap, or potentially worse attacks against the devices -themselves). So, it's more important than ever not to give anyone any -information that one might regret sharing later.</p> - -<p>Keeping a healthy amount of scepticism toward other users and services -online has always been a rule of thumb as well, albeit one that's lesser -talked about. (It's normally brought up by school librarians and English -teachers, who urge students to ensure that their citation sources are -credible.) A lot of people especially on Tor phrase it as "don't trust -anyone" which is an imprecise piece of advice. It might be good advice -for people who don't yet know what signs to look out for that tell apart -a normal user from a con artist or a federal agent (and federal agents -are perhaps best-equipped to produce convincing cover identities). I -don't open up to many people online, but I have definitely made at least -a couple real connections with Tor users. A lot of people, I don't -<em>need</em> to trust, such as the people I ask to join the moderation team on -Hidden Answers, or others I ask advice / questions from, for instance. -In the former case, I give moderators just enough access to the site to -do their jobs, and if a rogue moderator happens to slip through, the -damage is normally easily reversible. And we have had some cases of -rogue moderators -- usually just scammers who abused their position for -extra credibility, though. In the latter case, I can use my own logic to -verify whether someone's advice sounds reasonable, or I can cross-verify -with other sources.</p> -</blockquote> -</main> - </body> -</html> diff --git a/out/blog/testing-patches-made-to-bashblog-script.xht b/out/blog/testing-patches-made-to-bashblog-script.xht @@ -1,42 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>testing patches made to bashblog script – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="testing-patches-made-to-bashblog-script">testing patches made to bashblog script</h1> - -<time datetime='2017-12-21T21:08:11+0000' title='2017-12-21T21:08:11+0000'>2017 Dec 21</time> - -<p>since I'm using a linux desktop now in place of my windows 8.1 laptop, I can now sanely use linux commands such as gpg and rsync (and the bashblog script itself) to locally sign my posts and transmit them to my server with minimum effort. the <a href="https://github.com/cfenollosa/bashblog">original bashblog script</a> relies heavily on GNUisms especially in the <code>date</code> command, therefore requiring a little effort to adapt to alpine linux (which uses busybox and not coreutils) and the inability to use some of these odd GNU requirements. I wish people would pay attention to compatibility; everyone seems to focus only on GNU and BSD and completely forgets about POSIX standards and requirements.</p> - -<p>anyway, this post should be signed (click <q>PGP signature</q> near the top of this post to get a markdown version of the article along with the appended PGP signature). I will manually sign previous blog posts as well, for completeness.</p> -</main> - </body> -</html> diff --git a/out/blog/the-grey-area-of-paedophilia.xht b/out/blog/the-grey-area-of-paedophilia.xht @@ -1,56 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>the grey area of paedophilia – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="the-grey-area-of-paedophilia">the grey area of paedophilia</h1> - -<time datetime='2018-04-28T20:38:43+0000' title='2018-04-28T20:38:43+0000'>2018 Apr 28</time> - -<p>before anyone gets shocked: <strong>I am against rape and abuse of any kind.</strong> this post is only to address the fact that most people -- those who claim to protect the rights of children -- are focusing in the wrong places.</p> - -<p>lately, I have come across articles online that explain the difference between Western and Japanese views on <a href="https://wikipedia.org/wiki/Lolicon">lolicon</a> (which refers to Japanese media that focuses on cartoon underage girls). contrarily, I have also come across some real counts of child abuse such as <a href="https://www.thenewamerican.com/usnews/crime/item/25713-dr-phil-interview-exposes-global-elite-pedophiles">a review on Dr. Phil's interview that <q>exposes global elite pedophiles</q></a> which seems to sum up the issue the best.</p> - -<p>also within the past year, various people have questioned my stance on paedophilia, and they seem to not grasp a full picture on my beliefs, so I would like to make this all clear within a full written explanation, complete with supporting information.</p> - -<p>where am I going with this? in the Americas and Europe, there seems to be a sacred air around anything involving children. this is not necessarily a bad thing; children are impressionable and deserve every chance to experience a fulfilled life without fear of harm in any way. but it seems as if this is being used as an <em>excuse</em> to push certain legislation and cultural norms, rather than an actual reason for focusing on these issues. take for example child exploitation. somehow a count for rape is deemed lesser than a count for child rape? what's the difference? they're both inhumane and deserve harsh <q>eye for eye</q> punishment in my book. so why is it any worse for this to happen to children than for it to happen to anyone else?</p> - -<p>both adult and child molestation are sadly very prominent in the world, not only with undeveloped nations but also with this global elite -- sometimes the same people who publicly support legislation to crack down on child abuse. if that isn't hypocritical, nothing is.</p> - -<p>but are we focused on the right issues? being an active member in various Tor/I2P hidden service communities, as well as on online imageboards, I see a lot of talk against the possession of child pornography itself. there is no mention about the severity of the case, and to these people, a picture of a fourteen-year-old posing nude in a mirror is fully equivalent to one of a violent rape scene involving children who may not even be old enough to talk. these people stop at the mention of <q>children</q> and don't take into account all of the aspects of whatever they're speaking against.</p> - -<p>the fourteen year old? fourteen is an age of consent in various parts of the world, and it is a natural stage in life for sexual exploration. should someone post their nudes on the internet -- probably not, because they might regret it later, but this is true for any aged person, right? I'm sure some twenty- and thirty-somethings have regretted drunkenly posting sexual depictments of themselves for everyone to see. to sum up, I don't see why this should be up for legislation to decide. children should be educated on what is okay and not okay to post online instead, and they need to learn to think for themselves.</p> - -<p>the rape scene? this is <strong>not okay</strong>. this is what people need to focus on when they are advocating for humane reform. it is a very real issue and many people, children and adults alike, are involuntarily involved in the sex trade every day, with little to no hope of escaping this life. <em>this</em> should be what I see when I hear people speaking against child abuse. with enough care, these injustices can be corrected, and police may work together so that the criminals responsible may be punished (by death, as far as I care). that way, we are <em>objectively</em> making the world a more humane place, and we aren't only satisfying people who hold subjectively-moral beliefs. you as an individual are welcome to have your own beliefs, but please focus on concrete efforts to stop unjust activity in the world.</p> - -<p>I don't typically like to be involved in political discussion, but this issue has been concerning me for a while, and people genuinely believe I am a paedophile due to my <q>liberal</q> opinions of paedophilia and lolicon. as I have said, my issue is about the different classifications of crimes against children versus those against adults. crime is crime, no matter the victim.</p> -</main> - </body> -</html> diff --git a/out/blog/trying-new-software.xht b/out/blog/trying-new-software.xht @@ -1,59 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>trying new software – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="trying-new-software">trying new software</h1> - -<time datetime='2018-02-11T12:01:13+0000' title='2018-02-11T12:01:13+0000'>2018 Feb 11</time> - -<p>I haven't been motivated to write anything lately, but I guess I can give an update on what software I am currently trying or going to try:</p> - -<ul> -<li>neovim, to replace vim. I chose it because the codebase and development is supposed to be cleaner and less dependent on one person pulling in patches. liking it so far; it also has a few small features I've been looking for in vim, namely the ability to resize panes using mouse. this may have already been possible in vim but it has never worked for me.</li> -<li>neomutt, saw it when I was looking up mutt and chose it because it offers some plugins built-in. once I configure it I may replace seamonkey with that and a different internet browser. first issue I see with mutt/neomutt is lack of mouse support, but I'll still play with it for a while.</li> -<li>sway (wayland compositor). I haven't really had a chance to try this yet but I want to see how well wayland works, and I may switch to it from X.</li> -<li>ConnMan, to replace NetworkManager. it's definitely light and apparently it supports USB tethering and bluetooth PAN, so I'll give it a shot.</li> -</ul> - -<p>I also downloaded some ISOs to play with in qemu:</p> - -<ul> -<li>Void Linux -- haven't run it yet</li> -<li>TempleOS -- tried it, it works but the 100% sound volume scared me</li> -<li>ReactOS -- it won't boot properly; I'll have to look at the error again</li> -<li>Gentoo -- I used this briefly years ago but haven't accustomed myself to it at all. I want to install it with musl and busybox, possibly also a hardened profile.</li> -<li>Plan 9 -- haven't run it yet</li> -</ul> - -<p>aside from that, I had a very spiritual dream last night so I have decided to keep a dream/meditation log now. I used to keep a dream log years ago but stopped due to lack of interest. hopefully I keep my interest this time, because I feel I may be able to learn some things from my experiences. if I make any notable discoveries I may write about them here.</p> -</main> - </body> -</html> diff --git a/out/blog/why-i-no-longer-use-github.xht b/out/blog/why-i-no-longer-use-github.xht @@ -1,82 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>why I no longer use GitHub – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="why-I-no-longer-use-GitHub">why I no longer use GitHub</h1> - -<time datetime='2018-06-21T13:32:04+0000' title='2018-06-21T13:32:04+0000'>2018 Jun 21</time> - -<p>I have had issues with GitHub long before the Microsoft acquisition this year. in fact, Microsoft is the best thing that could have happened to it because it's an excuse for people to leave GitHub. but for everyone who continues to use it, who has built their FOSS projects on top of its infrastructure, they need a little more motivation to move than just an acquisition scare. and the fact that these projects stay behind inconveniences me, as a FOSS contributor, especially if they outright <em>refuse</em> to collaborate outside of GitHub and they <em>insist</em> on you making an account, opening pull requests and new issues through the web interface.</p> - -<p>since I am tired of reiterating to every project the reasons I refuse to sign up to and contribute via GitHub, I feel like the best course of action is to write it all out, once, and give this article to anyone who asks. plus, maybe all my readers may find this an interesting read to perhaps rethink their decision to use GitHub for their projects.</p> - -<h2 id="GitHub-is-not-FOSS">GitHub is not FOSS</h2> - -<p>GitHub boasts its love for the FOSS community, but the site itself runs on proprietary software. if you hate double standards as I do, you may stop reading as you should be content with the answer I gave you.</p> - -<p>but really, look at GitLab in comparison. GitLab is the leading competitor and the current go-to for most people fleeing GitHub because of its similar <q>social coding</q> interface. guess what? it's FOSS, so you can take GitLab's software and run it on your own server. and from what I understand, GitLab manages to be a for-profit company despite the fact it gives away its software to the community, so why doesn't the <q>FOSS-loving</q> GitHub do it as well? it just doesn't fly with me.</p> - -<h2 id="GitHub-is-%28poorly%29-reinventing-git">GitHub is (poorly) reinventing git</h2> - -<p>git is a distributed version control system. it says that right on the tin. and it does a damn good job at being one. so why turn it into something that it isn't? I don't know, but GitHub seems happy doing away with many of the benefits of this. with plain git, I can stick my repository anywhere, give people the link to clone it, and take pull requests through mail. everyone on the Internet has an E-mail address (which is also a federated communication technology, so it's easy to see how it can be best friends with git) and E-mail doesn't lock you into a single terms-of-service agreement (I'll go in depth on that in a bit). this makes it easier for the passerby to contribute to a project, regardless where the project is hosted. no new user accounts necessary.</p> - -<p>with GitHub, E-mail is second-class and people become spoiled by the wrong way of doing things, so they insist that you do things the wrong way as well. this is called <em>vendor lock-in</em> and it's very bad especially for FOSS projects. you can witness a similar effect between <a href="https://www.blender.org/media-exposure/youtube-blocks-blender-videos-worldwide/">Blender and YouTube</a> that surfaced recently. GitHub knows it has you by the nape and can shut you down whenever they want, and it can use that to manipulate you into making decisions for your project that you otherwise wouldn't take. and GitHub knows that your project's success is imperative to its own success, since it means more people signing up to contribute, more people being exposed to its nice, incorrect, not-git interface, and thus more people becoming locked in to GitHub as well.</p> - -<h2 id="there-are-some-AUP%2FToS-loopholes%2C-and-they-%2Awill%2A-shut-you-down">there are some AUP/ToS loopholes, and they <em>will</em> shut you down</h2> - -<p>I promised I would go into detail about the terms of service. there are two clauses that are poorly worded, subjective, and ... well, loopholish in nature.</p> - -<blockquote> - <p>You agree that you will not under any circumstances upload, post, host, or transmit any content that[...] contains or installs any active malware or exploits, or uses our platform for exploit delivery (such as part of a command and control system)</p> -</blockquote> - -<p>this means that you can develop an innocuous research tool, note in your README that it must not be used maliciously and that you are not responsible for skids using your software, and still get punished. all it takes is a skid cloning your repo, pissing off the wrong people with it, and those people reporting you to GitHub. and yes, I am not making this up. I know of people who have been affected by this and I am sure you can find your own examples if you search for a bit.</p> - -<blockquote> - <p>[...]transmit any content that[...] is discriminatory or abusive toward any individual or group</p> -</blockquote> - -<p>oh, this is a fun one. this basically means that anyone can report you as long as they feel offended. I'm sure you have heard enough about this so I won't go into excruciating detail, but I will tell you that it is a <em>huge</em> loophole allowing anyone to abuse the report function to knock you off GitHub.</p> - -<hr /> - -<p>so, you may be wondering what I <em>do</em> prefer in stead of GitHub. of course you could use GitLab or software such as Gogs or Gitea, but that still has the issue of revolving around <q>social coding</q> and locking users in to specific software.</p> - -<p>thankfully, the components of GitHub, GitLab, et cetera -- they are all available standalone. personally I set up <a href="http://gitolite.com/">gitolite</a> for repository access control, <a href="https://git.zx2c4.com/cgit/">cgit</a> for a simple Web frontend, and I plan to include an issue tracker that treats E-mail as first-class rather than forcing users to create accounts (possibly <a href="https://www.bugzilla.org/">Bugzilla</a> but I'm open to suggestions). and if you are attached to your <abbr title="continuous integration">CI</abbr>s then there are probably decent FOSS solutions for that; personally I don't see myself using them that much so I don't know much about them.</p> - -<p>or, you could take advantage of the fact that there are people interested in abandoning the GitHub and social-coding ecosystems just like I am: <a href="https://drewdevault.com/2018/06/05/Should-you-move-to-sr.ht.html">sr.ht</a> is both a service that you can sign up for as well as <a href="https://git.sr.ht/~sircmpwn/legacy.sr.ht/tree/README.md">a suite of programs</a> you can set up on your own server to provide something similar to what I have described above.</p> - -<p>in the end, GitHub isn't the only thing out there for FOSS projects. nor is it the best thing. plenty of projects already spun out their own solutions, and the only presence they may have on GitHub (if any) is a simple backup mirror to their repository.</p> - -<p>I hope that my reasoning has maybe encouraged you to try to use something else for your own projects, but if not, I hope you at least understand why I no longer wish to use GitHub.</p> -</main> - </body> -</html> diff --git a/out/blog/why-program-efficiency-and-usability-matters.xht b/out/blog/why-program-efficiency-and-usability-matters.xht @@ -1,87 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>why program efficiency [and usability] matters – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="why-program-efficiency-%5Band-usability%5D-matters">why program efficiency [and usability] matters</h1> - -<time datetime='2017-11-24T14:26:09+0000' title='2017-11-24T14:26:09+0000'>2017 Nov 24</time> - -<p>in 2016 I wrote a small rant about the current downward trend of software and web development, entitled <q>Why program efficiency matters</q>:</p> - -<blockquote> -<p>Computer hardware has become faster, more efficient, and more powerful in recent years, which means programmers are not constrained as much by memory and CPU cycles. But does that mean programmers should just give up trying to make their code more efficient?</p> - -<dl> -<dt>It doesn't matter if our programs are bigger!</dt> -<dd>I don't know about you, but I enjoy extra disk space for movies and music. Just because disk space is affordable doesn't mean programmers can excuse themselves for adding unnecessary fluff to their projects.</dd> - -<dt>It doesn't matter if our code takes up more memory!</dt> -<dd>Multitasking computers have been a thing for a while now. With that said, I would like my computer to actually multitask. I shouldn't have to constantly worry about how many programs I have running in the background and how much memory they consume. Also, there are plenty of older systems running in corporate and educational environments that simply cannot handle modern (and memory-hungry) software without constantly locking up.</dd> - -<dt>It doesn't matter if our code is slower!</dt> -<dd>Speed is always a value to strive for. Any sensible person would choose "faster" if presented with two programs that perform the exact same tasks but at different speeds. -</dd> -</dl> - -<p>That said, if you have to sacrifice any of the above for security, please do so. Otherwise, if there is any way to make a program smaller or faster or more efficient, without changing the core functionality of the program, then take the time to improve in those aspects. Laziness is no excuse for a slow, fat program. At the same time, don't let yourself be consumed by trying to make your code perform better before you have even finished writing the program.</p> -</blockquote> - -<p>this applies to desktop, server, mobile, and Web software all alike:</p> - -<ul> -<li>desktop operating systems are gradually becoming more bloated and new features are half-baked (such as later versions of Windows), people using Electron to develop fucking everything now (and I'll talk about Electron on its own in a bit).</li> -<li>server software dependent on weightier languages such as node and python (<a href="https://matrix.org/">matrix.org</a> for instance). this is very problematic because servers have much more stressful demands and none of us wish to spend resources we can better use to serve end-users. every bit of RAM and every CPU cycle counts under high load.</li> -<li>mobile phones are mad useful for on-the-go matters (I'll have a blog post later, describing a smartphone's exact use compared to laptops and desktops) but they're becoming more powerful than most laptops now. many apps are Web-centric and it's quite possible that a lot of the mobile ecosystem is unoptimised: not just the apps but also the operating system and the virtual environments under which apps are designed to run.</li> -<li>the Web used to have one thing: static content. then forms were introduced, allowing for greater user interaction and ease of use. after that, javascript, and now we have full-blown HTML5+javascript applications that run in your browser. and believe me, I understand the desire to have this capability: it's cross-platform and any device with a modern browser can use your app. however, there are a few things wrong with this: HTML was not really designed to represent full-blown applications, and web developers don't pay a thought to efficiency/accessibility and they will normally take the path of least resistance to deploy their applications. I'll talk more about what I believe the Web should be used for in a later post.</li> -</ul> - -<p>I'm making this post today because someone sent me a link to a post Casper Beyer made regarding Electron, entitled <q><a href="https://medium.com/@caspervonb/electron-is-cancer-b066108e6c32">Electron is Cancer</a></q>. I'll quote some notable passages from the post:</p> - -<blockquote> - <p><q>Well, it works fine on my machine, and I only have 32 gigabytes of ram.</q> - Silicon Valley Developer, 2017</p> - -<p>If that’s you, well then that’s good for you, but just because something performs <q>well enough</q> on your machine doesn’t mean there are not any performance problems. You are not your end-users, and you if you are a developer most likely do not run average hardware.</p> -</blockquote> - -<p>^ I made this point in my 2016 rant -- people have different hardware and developers need to keep this in mind, lest they want their programs only to run on a small set of machines in the world.</p> - -<blockquote> - <p><q>Electron is so great, we did not have to hire new people we can just use your web designers that we already have in-house and it is so easy!</q> - Someone Actually Said That</p> - -<p>Okay, sure having a plumber cut out a square wheel from a plank is also a lot easier to do than having a woodworker carve a perfectly round wooden wheel, but it is gonna be one hell of a bumpy ride, and square wheels are actually fine, right?</p> -</blockquote> - -<p>^ I've seen this a lot too; people have derived from <q>do one thing and do it right</q> philosophy, both in software and in expertise (although on the expertise side of things, it helps to be well-versed in several areas so you're more valuable in a job, but usually those areas are close enough together that they complement each other. you wouldn't want that plumber performing heart surgery on you, would you?)</p> - -<p>if you have time, read Beyer's full post because it covers a lot of good points about Electron and about modern software developers as a whole. it's a rarity to find a decent dev nowadays who cares about efficiency, usability, and accessibility; and that certainly affects where technology is going as a whole. as we depend more on technology in our everyday lives (mobile, IoT, business) there is really no room for sloppy code to run in banks, hospitals, vehicles, and other mission-critical devices.</p> -</main> - </body> -</html> diff --git a/out/blog/wowaname-now-on-git-and-hosted-on-my-laptop.xht b/out/blog/wowaname-now-on-git-and-hosted-on-my-laptop.xht @@ -1,133 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>wowana.me now on git (and hosted on my laptop) – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="wowana.me-now-on-git-%28and-hosted-on-my-laptop%29">wowana.me now on git (and hosted on my laptop)</h1> - -<time datetime='2019-06-05T02:53:09+0000' title='2019-06-05T02:53:09+0000'>2019 Jun 05</time> - -<p>my blog has long been overdue for a new post, so here goes nothing. I -haven't been writing lately for several reasons: the main one being that -I've had difficulties with bashblog. also, of course, I have been busy -with many things in the past few months, some of which I will cover in -later posts. I have a lot to write about in the coming months; I'll try -to get through it all when I have spare time.</p> - -<hr /> - -<p>so, bashblog. from my <a href="/blog/testing-patches-made-to-bashblog-script.xht" title="“testing patches made to bashblog script”">previous post about it</a>, I described some of -the changes I had to make to it for my own use. with my new patches, I -found that editing old articles is almost impossible without incurring a -headache, so my plan was to rewrite the entire script. and since I'd be -rewriting it, might as well do it in a language I'm more comfortable -with: perl. that wass a big project I kept putting off, until one day I -thought, "shit, why am I not managing it with a makefile?"</p> - -<p>why use <code>make</code>? I first learned proper use of the utility, as well as -how to write a proper makefile, when working on my chat client, -<a href="https://git.volatile.bz/wowaname/achlys" title="wowaname/achlys Git repository">achlys</a>. I wanted to avoid anything such as automake or cmake due -to their complexity, so despite lack of a clear makefile introduction, I -went for it anyway, to my success. in addition to its usefulness for -building C and C++ projects, it's also useful for its core purpose: -smart file-dependency tracking. this is what makes it perfect for a -website; the fact that I can write my entire site's content in markdown -(what I've already been doing with my blog articles), write a few -wrappers to generate the boilerplate HTML, and have it <em>only</em> touch -files that would be updated. if I write an article like I'm doing now, I -just save it, run <code>make</code> (and <code>make check</code> to ensure the output is -conformant XHTML, before I push a broken copy of my website live), and -it'll touch just this page, the blog index, and the atom feed. if I -decide I want to add a link to the site sidebar, I can just modify the -header template and <code>make</code> will generate my entire site. this has the -nice side effect of avoiding server-side includes as well. now I don't -have to worry about a lot of things; I can focus on writing content.</p> - -<p>since it's all backed by git, I have a few benefits from this. I no -longer have to sign blog posts individually; I let git take care of -signed commits for me. this way, you can not only verify the post, but -any edits I make as well. it's all preserved in the commit history for -complete transparency, and for something like a mostly-static, -archive-quality website, I find this invaluable. I also get natural -backups of my site. of course there's the live site copy accessible over -http, but also I get to keep a working copy on my desktop, which allows -me to use the editing tools with which I'm comfortable, instead of being -limited to whatever my server has. I don't like installing too much -cruft on any server; the bulk of my convenience programs (such as vim) -are at home on my desktop.</p> - -<p>you can clone <a href="https://wowana.me/git/wowana.me.git">https://wowana.me/git/wowana.me.git</a> if you're interested -in how I generate my site, if you want an archived copy (of the public -portions) of my website, or if you want to mirror the site elsewhere -(just be kind and link back to <a href="https://wowana.me/">https://wowana.me/</a>, please). I will -soon provide access to my other projects on wowana.me as well as a -mirror on git.volatile.bz, and I will provide cloning instructions on -wowana.me for repositories, since I will not expose these repositories -using an interface such as cgit or stagit. I am not really a fan of -allowing code to be indexed over HTTP; anyone who is truly interested in -my code can clone the repository directly. I will also provide release -tarballs for certain projects (such as achlys) for those who do not have -ready access to git on their system.</p> - -<hr /> - -<p>while you may have noticed I have been making changes to my website (the -<a href="/blog/">blog index</a> received a makeover, for example, and web pages now -have file extensions exposed), I have also made less-visible changes. -one thing of note is that I am now hosting wowana.me on my laptop. I am -using <a href="https://git.volatile.bz/wowaname/quark" title="wowaname/quark Git repository">quark</a> HTTP server written by some of the people over at -<a href="https://suckless.org/" title="suckless.org">suckless</a>, complete with a few bug fixes and modifications for my -personal use (potentially more fixes as time goes on). quark is <em>very</em> -lightweight, clocking in at just under 3mb memory usage at the time of -writing this article. this setup is still served behind nginx, both to -proxy my home IP since I still do not have an ISP suitable for hosting -directly from home, and to cache requests in order to reduce load on my -laptop. also, there are a few nginx-specific rewrites I have for my -site, and I cannot yet find a good way to replace these. so for now, -nginx still plays a role in my website, and that's fine since I use it -for other sites anyway.</p> - -<p>I am looking forward to fully self-hosting wowana.me and all services -located on my domain, to reduce my dependency on third-party hosting. -it's my definitive home on the internet, so I may as well make it -completely mine.</p> - -<p>I also hope that others see the simplicity in what I'm doing here, and -consider moving away from complex website frameworks, opting to roll -their own in a similar fashion to what I am doing. I understand that not -everyone may be a programmer or a web developer, but I believe that -there are certain tools all of us need to know about, so that we can -make the most out of our computers and our time. I can finally manage my -site in a sane manner, visualise all its components, know exactly what -will show up on the live site, because I am in control of every aspect -of its generation. it certainly beats writing all that HTML manually.</p> -</main> - </body> -</html> diff --git a/out/bookmarks.xht b/out/bookmarks.xht @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>bookmarks – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="bookmarks">bookmarks</h1> - -<p>this is a list of public bookmarks for websites or articles to which I -want to refer in the future. pay mind that this may be a mix of clearnet -HTTP(S) links and onion/i2p/other protocols mixed in, and it's mainly -organised for my own use.</p> - -<h2 id="articles">articles</h2> - -<p>links to blogs, news, opinion pieces, or any other useful information.</p> - -<ul> -<li><a href="https://sockpuppet.org/blog/2015/01/15/against-dnssec/">Against DNSSEC</a> (<a href="https://archive.is/SEDME">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/SEDME">.onion</a> }</span>) – note, I use DNSSEC despite having read this, since it's easy enough to deploy and forget. if others wish to verify my records with DNSSEC, they have the choice.</li> -<li><a href="https://techcrunch.com/2018/02/13/amp-for-email-is-a-terrible-idea/">AMP for E-mail is a terrible idea</a></li> -<li><a href="https://varnish-cache.org/docs/2.1/phk/autocrap.html"><q>Did you call them <em>autocrap</em> tools?</q></a> (<a href="https://archive.is/zuPRr">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/zuPRr">.onion</a> }</span>)</li> -<li><a href="http://lcamtuf.coredump.cx/prep/">Doomsday planning for less crazy folk</a> (<a href="https://archive.is/IOhOI">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/IOhOI">.onion</a> }</span>)</li> -<li><a href="https://www.inulledmyself.com/search/label/ret2php">ret2php</a> (<a href="https://archive.is/fmuWl">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/fmuWl">.onion</a> }</span>)</li> -<li><a href="http://www.hackerfactor.com/blog/index.php?/archives/777-Stopping-Tor-Attacks.html">Stopping Tor attacks</a> (<a href="https://archive.is/2enPM">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/2enPM">.onion</a> }</span>)</li> -<li><a href="https://nedbatchelder.com/blog/200804/the_structure_of_pyc_files.html">Structure of .pyc files</a> (<a href="https://archive.is/skmMb">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/skmMb">.onion</a> }</span>)</li> -<li><a href="https://ethanmarcotte.com/wrote/the-web-we-broke/">The web we broke</a> (<a href="https://archive.is/zPCIm">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/zPCIm">.onion</a> }</span>) – personally, I believe many accessibility issues can be solved simply by adhering to writing static, degradable websites with semantic HTML5. I am working on <a href="/htss.xht">a subset</a> of the HTML5 standard to address usability concerns.</li> -<li><a href="https://jameshfisher.com/2018/02/03/what-does-getaddrinfo-do/">What does <code>getaddrinfo</code> do?</a> (<a href="https://archive.is/A2BXZ">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/A2BXZ">.onion</a> }</span>)</li> -<li><a href="https://www.gnu.org/philosophy/programs-must-not-limit-freedom-to-run.en.html">Why programs must not limit the freedom to run them</a> (<a href="https://archive.is/DJn75">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/DJn75">.onion</a> }</span>)</li> -<li><a href="https://visualstudiomagazine.com/articles/2013/06/01/roc-rocks.aspx">Why you shouldn't comment (or document) code</a>, which mainly encourages self-documenting code (<a href="https://archive.is/KWwKr">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/KWwKr">.onion</a> }</span>)</li> -</ul> - -<h2 id="files">files</h2> - -<p>a list of torrents and downloads I want to get around to but don't have -enough spare disk space.</p> - -<ul> -<li><a href="magnet:?xt=urn:btih:2dc18f47afee0307e138dab3015ee7e5154766f6&amp;dn=Geocities+-+The+PATCHED+Torrent">Geocities patched torrent</a> (<a href="magnet:?xt=urn:btih:decb3f33cea4386d5e030a57acd71adb26542024&amp;dn=Geocities+-+The+Torrent">original, seems to have no seeders</a>)</li> -</ul> - -<h2 id="ASCII%2C-ANSI%2C-Shift-JIS-art">ASCII, ANSI, Shift-JIS art</h2> - -<ul> -<li><a href="https://16colo.rs/">16colo.rs</a></li> -<li><a href="https://www.asciiworld.com/">Asciiworld</a></li> -<li>joan <q>jgs</q> stark's ASCII art (<a href="https://web.archive.org/web/20091028031410/http://www.geocities.com/SoHo/7373/indexjava.htm">wayback</a>, <a href="http://www.oocities.org/SoHo/7373/indexjava.htm">oocities</a>)</li> -<li>Links to ASCII art web pages (<a href="https://web.archive.org/web/20011102043925/http://www.geocities.com/soho/2695/links.htm">wayback</a>)</li> -</ul> - -<h2 id="mesh-networking">mesh networking</h2> - -<p>resources for future inclusion on the <a href="https://mesh.gentoo.today/">mesh wiki</a></p> - -<ul> -<li><a href="https://www.open-mesh.org/projects/batman-adv/wiki">batman-adv wiki</a></li> -<li><a href="https://communitytechnology.github.io/">Community Technology</a> (mirrored at <a href="/git/communitytechnology.github.io.git/">https://wowana.me/git/communitytechnology.github.io.git</a>)</li> -<li><a href="https://freifunk.net/en/">Freifunk</a> (<a href="https://freifunk.net/">German</a>)</li> -<li><a href="https://tomesh.net/">Toronto Mesh</a></li> -</ul> - -<h2 id="miscellaneous">miscellaneous</h2> - -<ul> -<li><a href="https://academictorrents.com/">Academic Torrents</a></li> -<li><a href="http://anodex.i2p/">anodex.i2p</a></li> -<li><a href="https://vt100.net/docs/vt510-rm/chapter4.html">ANSI control functions summary</a> (<a href="https://archive.is/Koqjs">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/Koqjs">.onion</a> }</span>)</li> -<li><a href="http://www.bittorrent.org/beps/bep_0000.html">BitTorrent BEPs</a></li> -<li><a href="https://www.aivosto.com/articles/control-characters.html">Control characters in ASCII and Unicode</a> (<a href="https://archive.is/Irz5H">archived</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://archivecaslytosk.onion/Irz5H">.onion</a> }</span>)</li> -<li><a href="https://www.quora.com/How-realistic-is-that-someone-could-function-in-the-United-States-without-at-least-one-photo-ID">Functioning in the United States without photo ID</a> – I want to follow this up with more resources on how to <q>live anonymously</q></li> -<li><a href="https://www.kitsunekko.net/dirlist.php?dir=subtitles%2Fjapanese%2F">Japanese subtitles</a></li> -<li><a href="https://www.schneier.com/gchq-catalog/">JTRIG Tools and Techniques</a> (<a href="https://gentoo.today/ipfs/QmXfqSYJCJwr6WcTVmbLm7u1ywb99ToFGkKC7V4CayExXM">PDF</a>)</li> -<li><a href="https://github.com/gdamdam/awesome-decentralized-web">List of decentralised services</a></li> -<li><a href="https://gist.github.com/natesubra/628178d92b26f62b0d9e6f7f34e6573c">Remove PROXMOX 5.2 subscription message popup</a> (I forget if this worked for me)</li> -<li><a href="http://www.datamath.org/Album_Graph.htm">Texas Instruments graphing calculators</a></li> -<li><a href="http://tokipona.net/tp/janpije/dictionary.php">Toki Pona dictionary</a></li> -<li><a href="https://meta.wikimedia.org/wiki/Wikimedia_servers">Wikimedia server trivia</a></li> -</ul> - -<h3 id="hardware-2FA%2Fsecurity-modules">hardware 2FA/security modules</h3> - -<ul> -<li><a href="https://www.nitrokey.com/">Nitrokey</a></li> -<li><a href="https://solokeys.com/">SoloKeys</a></li> -</ul> - -<h2 id="music">music</h2> - -<ul> -<li><a href="http://lolicore.org/">lolicore archive</a></li> -<li><a href="https://files.sq10.net/music/vaporwave/list/">sq10 files</a> (vapourwave archive)</li> -</ul> - -<h2 id="software">software</h2> - -<p>some of these repositories, I should probably mirror eventually.</p> - -<h3 id="stuff-I-use">stuff I use</h3> - -<p>see my <a href="/software.xht">software list</a>.</p> - -<h3 id="other">other</h3> - -<ul> -<li><a href="http://www.brain-dump.org/projects/abduco/">abduco</a></li> -<li><a href="https://github.com/ViDA-NYU/ache">ache, domain-specific web crawler</a></li> -<li><a href="https://www.awstats.org/">AWStats</a></li> -<li><a href="https://github.com/editorconfig/editorconfig-vim">editorconfig-vim</a></li> -<li><a href="https://github.com/CuddleBear92/Hydrus-Presets-and-Scripts">Hydrus presets and scripts</a></li> -<li><a href="https://github.com/yarrick/iodine">iodine DNS tunnel</a></li> -<li><a href="https://github.com/equalsraf/neovim-qt">neovim-qt</a></li> -<li><a href="http://www.nongnu.org/nmh/">NMH, New Message Handler</a></li> -<li><a href="https://github.com/vurtun/nuklear">nuklear, GUI library for C</a></li> -<li><a href="https://github.com/ehloonion/onionmx">OnionMX</a></li> -<li><a href="https://github.com/DonnchaC/oniontip">OnionTip</a> – would be nice to see a decentralised version of this</li> -<li><a href="https://github.com/necaris/python3-openid">python3-openid</a></li> -<li><a href="https://github.com/xynxynxyn/terminal-discord">terminal-discord</a> – might be helpful for learning Discord API <q>in action</q></li> -<li><a href="http://git.psi.i2p/psi/torrent.ano">torrent.ano</a></li> -<li><a href="https://github.com/buckket/twtxt">twtxt</a></li> -<li><a href="https://github.com/WikiTeam/wikiteam">WikiTeam</a></li> -<li><a href="https://github.com/misterhat/ytsearch">ytsearch, commandline YouTube search</a></li> -</ul> -</main> - </body> -</html> diff --git a/out/contact.xht b/out/contact.xht @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>contact – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="contact">contact</h1> - -<p>you can reach me via E-mail at <a href="&#x6D;&#x61;&#x69;l&#x74;&#111;:&#x6F;p&#97;&#108;&#64;&#x77;&#111;&#119;&#x61;n&#x61;&#x2E;&#x6D;&#x65;">&#x6F;p&#97;&#108;&#64;&#x77;&#111;&#119;&#x61;n&#x61;&#x2E;&#x6D;&#x65;</a>, or if you use tor mail, <a href="&#x6D;&#x61;&#105;&#108;&#x74;&#x6F;:&#x77;&#111;w&#97;&#x6E;&#x61;m&#x65;&#64;v&#x6F;&#x6C;&#x61;&#55;&#x69;l&#101;&#105;a&#120;4&#117;&#101;&#x6F;&#x77;&#46;o&#x6E;&#105;&#x6F;&#110;">&#x77;&#111;w&#97;&#x6E;&#x61;m&#x65;&#64;v&#x6F;&#x6C;&#x61;&#55;&#x69;l&#101;&#105;a&#120;4&#117;&#101;&#x6F;&#x77;&#46;o&#x6E;&#105;&#x6F;&#110;</a>.</p> - -<ul> -<li><a href="/pgp.xht">PGP is suggested.</a> <em>please give me a well-formed PGP public key so I may reply.</em></li> -<li>if you E-mail me, <em>use a proper subject line or else I will not respond</em>.</li> -</ul> - -<p>if you need an alternate contact method, please ask me over E-mail. I have semi-private XMPP, Matrix, and IRC handles but I much prefer E-mail for correspondence from strangers.</p> -</main> - </body> -</html> diff --git a/out/donate.xht b/out/donate.xht @@ -1,129 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>costs and donating – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="costs-and-donating">costs and donating</h1> - -<p>starting 2018 September, I will publicly track expenses and donations for my services.</p> - -<p><a href="#donors">check below for a list of donors</a></p> - -<h2 id="donation-methods">donation methods</h2> - -<p>if you are interested in helping with my costs, you can make a donation to:</p> - -<ul> -<li>bitcoin: <a href="bitcoin:18gs3qDmznjKagNJrcgN2T3aUe3McG7iKJ"><code>18gs3qDmznjKagNJrcgN2T3aUe3McG7iKJ</code></a></li> -<li>bitcoin cash: <a href="bitcoincash:18gs3qDmznjKagNJrcgN2T3aUe3McG7iKJ"><code>18gs3qDmznjKagNJrcgN2T3aUe3McG7iKJ</code></a></li> -</ul> - -<p>if you need VPS or dedicated server hosting, you may sign up and use the following referral links to help me out at the same time:</p> - -<ul> -<li><a href="https://hosthatch.com/a?id=1227">HostHatch</a></li> -<li><a href="https://clients.mivocloud.com/aff.php?aff=7945">MivoCloud</a></li> -</ul> - -<p>please <a href="/contact.xht">E-mail me</a> if you:</p> - -<ul> -<li>want to be recognised for your donation,</li> -<li>want anything in exchange for your donation (such as a subdomain, E-mail address, XMPP account, web hosting, …), or</li> -<li>need an alternate payment method.</li> -</ul> - -<h2 id="costs">costs</h2> - -<p>my servers and domains cost around <em>US$2 000 a year</em> to maintain:</p> - -<ul> -<li>$120 <a href="https://hosthatch.com/">HostHatch</a> VPS</li> -<li>$280 undisclosed VPS for shared hidden service hosting (at <a href="http://chchchiasaeljqgs.onion/">chchchiasaeljqgs.onion</a> or <a href="http://chen.i2p/?i2paddresshelper=l7fr75pvy3o66isse7bb4bdsy6coq2eb4irjkrsdlugbjanxqzzq.b32.i2p">chen.i2p</a>). if you're interested, you can ask me for a site</li> -<li>$900 <a href="https://mivocloud.com/">MivoCloud</a> dedicated server</li> -<li>$650 <a href="https://anime.website/">anime.website</a> domain</li> -<li>$21 <a href="https://gentoo.today/">gentoo.today</a> domain</li> -<li>$63 <a href="https://krustykrab.restaurant/">krustykrab.restaurant</a> domain</li> -<li>$25 <a href="https://volatile.bz/">volatile.bz</a> domain</li> -<li>$22 <a href="https://wowana.me/">wowana.me</a> domain</li> -</ul> - -<h2 id="donors">donors and income</h2> - -<p>click on any name below to view details about the donation or earning. since Bitcoin is not anonymous and you can find these payments attached to my address anyway, I provide BTC/BCH transaction IDs in the details.</p> - -<ul> -<li><details> - <summary><em>2019 non-donation (and unknown) earnings</em></summary> - <p>~0.343 BTC since 2019 May 04</p> -</details></li> -<li><details> - <summary><em>spectre</em></summary> - <p>Donated ~0.0366 BTC on <time datetime="2019-11-25T16:20" title="2019-11-25T16:20">2019 Nov 25</time></p> - <pre>892db379973c2929cafb9ec716209f234cd88bc6a9cd33330529349492fc8baf</pre> -</details></li> -</ul> - -<hr /> - -<ul> -<li><details> - <summary><em>2018 non-donation (and unknown) earnings</em></summary> - <p>~0.069 BTC</p> -</details></li> -<li><details> - <summary><em>Anonymous</em></summary> - <p>Donated 0.003 BTC on <time datetime="2018-10-10T19:37" title="2018-10-10T19:37">2018 Oct 10</time></p> - <pre>ff0617fb3eb98c05007c53b332469dac2e021a74426ff8396ff833e9021deeb4</pre> -</details></li> -<li><details> - <summary>MR.Hurt</summary> - <p>Donated ~0.0073 BTC on <time datetime="2018-07-29T21:54" title="2018-07-29T21:54">2018 Jul 29</time></p> - <pre>ff17af67c5ddc28608e6f5850de641f37a250f2018834e68513dbc3da16c8955</pre> -</details></li> -<li><details> - <summary><em>Anonymous</em></summary> - <p>Donated ~0.0042 BTC on <time datetime="2018-07-24T20:50" title="2018-07-24T20:50">2018 Jul 24</time></p> - <pre>2d172fc91f4af10535d8e023b57b300d0ca00715af9e554ae73ab1673bddae03</pre> -</details></li> -<li><details> - <summary><em>Anonymous</em></summary> - <p>Donated ~0.0036 BTC on <time datetime="2018-07-24T20:50" title="2018-06-30T13:49">2018 Jun 30</time></p> - <pre>85adbe48d6eed26fb4737a29e3774d40b585e5f58bf4f20d69c7d3bfe77121d4</pre> -</details></li> -<li><details> - <summary><em>Anonymous</em></summary> - <p>Donated ~0.0009 BTC on <time datetime="2018-07-24T20:50" title="2018-06-30T13:49">2018 Jun 30</time></p> - <pre>3655a53b4040a8b1171916f08868050b4a6e4231ed8ba7fd9bb8d8233baf926f</pre> -</details></li> -</ul> -</main> - </body> -</html> diff --git a/out/fediverse.xht b/out/fediverse.xht @@ -1,429 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>the fediverse – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="the-fediverse">the fediverse</h1> - -<p>if you're tired of twitter (or you got banned from it like me) then -you're probably looking for a decent replacement to meet people and -discuss various topics of interest. the fediverse is currently the best -replacement, but when you first get into it, it may be difficult to -understand. the first thing that's different from twitter is the fact -that there are multiple instances – thousands of them. they're like -E-mail servers except for microblogging, in a nutshell, and they can run -different software. currently, the most popular servers use -<a href="https://joinmastodon.org/">Mastodon</a>, -<a href="https://pleroma.social/">Pleroma</a>, or -<a href="https://joinmisskey.github.io/en/">Misskey</a>. you can look at each and -see what feels best for you. Pleroma is the easiest to run, which is why -a lot of instances use it, and it supports both its own layout as well -as the Mastodon layout, so if you want an easy decision, you should -probably go with a server running Pleroma.</p> - -<p>with that out of the way, assuming you don't want to run your own -server, you're probably wondering which of the thousands of servers you -should use. well, if you're like me, you'll want a <q>hands-off</q> -instance that simulates how twitter was before 2015. somewhere you can -follow a few people and say what's on your mind, and not get banned for -it. if this sounds like you, you're in luck, because this is exactly -what this list of instances is for. I try to compile a list of instances -with <em>transparent moderation policies</em> where you can <em>follow almost -anyone, anywhere in the fediverse</em>.</p> - -<p>to be included in the list below, the instance must:</p> - -<ul> -<li>have a clear moderation policy</li> -<li>have clear federation policies with other servers</li> -<li>have a list of blocked servers, if the instance chooses to block other -servers</li> -<li>be receptive to the needs of Tor users and other privacy-concerned -people</li> -</ul> - -<p><strong>before you choose an instance, please make sure you would make a good -fit. free speech / limited moderation does <em>not</em> invite spammy or -annoying behaviour to any of these instances.</strong> this list is simply a -starting point for you to narrow your choice. also be aware that every -instance has its own posting and media limits, so be sure to -double-check if you often write long posts or upload large files.</p> - -<p>if you are an instance administrator and would like your instance to be -listed, please talk to @wowaname@anime.website on fedi, or <a href="/contact.xht">contact -me</a> via E-mail.</p> - -<p>this page is currently in a rough state; I will try to improve it in my -free time, and I will take suggestions on how to better present the -information here.</p> - -<h2 id="Pleroma">Pleroma</h2> - -<table> -<tr> - <th>instance</th> - <th>limited moderation i.e. <q>free speech</q>?</th> - <th>nsfw allowed?</th> - <th>block policy</th> - <th>notes</th> -</tr> -<tr> - <td><a href="https://anime.website/">anime.website</a></td> - <td><a href="https://anime.website/static/terms-of-service.html">yes, U.S. jurisdiction</a></td> - <td>yes</td> - <td><a href="https://anime.website/static/censorship.html">limits federation in exceptional circumstances</a></td> - <td>my instance</td> -</tr> -<tr> - <td><a href="https://blob.cat/">blob.cat</a></td> - <td><a href="https://blob.cat/about">no, U.S. jurisdiction</a></td> - <td>if tagged</td> - <td><a href="https://fediverse.network/blob.cat/federation">federates with all instances</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://cofe.rocks/">cofe.rocks</a></td> - <td><a href="https://glitch.sh/hosted/pleroma/src/branch/master/meta.d/rules.md">yes, German jurisdiction</a></td> - <td>if tagged. no loli, shota, gore, animal cruelty</td> - <td><a href="https://glitch.sh/hosted/pleroma/src/branch/master/meta.d/MRF.md">blocks disclosed</a></td> - <td><a href="https://glitch.sh/hosted/pleroma/src/branch/master/meta.d/invite.md">registration currently requires invite</a></td> -</tr> -<tr> - <td><a href="https://freespeechextremist.com/">freespeechextremist.com</a></td> - <td><a href="https://freespeechextremist.com/about">yes, U.S. jurisdiction</a></td> - <td>if tagged. no loli- or shotacon</td> - <td><a href="https://fediverse.network/freespeechextremist.com/federation">federates with all instances</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://neckbeard.xyz/">neckbeard.xyz</a></td> - <td><a href="https://neckbeard.xyz/about">yes, U.S. jurisdiction</a></td> - <td>if tagged</td> - <td><a href="https://fediverse.network/neckbeard.xyz/federation">federates with all instances</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://pl.smuglo.li/">pl.smuglo.li</a></td> - <td>yes, U.S. jurisdiction</td> - <td>yes</td> - <td><a href="https://fediverse.network/pl.smuglo.li/federation">federates with all instances</a></td> - <td>no explicitly-stated rules, but generally hands-off moderation</td> -</tr> -<tr> - <td><a href="https://pleroma.fr/">pleroma.fr</a></td> - <td><a href="https://pleroma.fr/about">no, French jurisdiction</a></td> - <td>if tagged. no loli- or shotacon</td> - <td><a href="https://fediverse.network/pleroma.fr/federation">blocks disclosed</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://shitposter.club/">shitposter.club</a></td> - <td><a href="https://shitposter.club/about">yes, U.S. jurisdiction. no sharing personal information (e.g. doxing)</a></td> - <td>if tagged. no loli, shota, gore</td> - <td><a href="https://fediverse.network/shitposter.club/federation">federates with all instances</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://the.hedgehoghunter.club/">the.hedgehoghunter.club</a></td> - <td><a href="https://the.hedgehoghunter.club/instance/rules.html">yes, German jurisdiction</a></td> - <td>if tagged</td> - <td><a href="https://fediverse.network/the.hedgehoghunter.club/federation">blocks disclosed</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://veenus.art/">veenus.art</a></td> - <td><a href="https://veenus.art/about">yes, U.S./Dutch jurisdiction, no doxing</a></td> - <td>if tagged, no loli- or shotacon</td> - <td><a href="https://veenus.art/about">blocks disclosed</a></td> - <td></td> -</tr> -</table> - -<h2 id="Mastodon">Mastodon</h2> - -<table> -<tr> - <th>instance</th> - <th>limited moderation i.e. <q>free speech</q>?</th> - <th>nsfw allowed?</th> - <th>block policy</th> - <th>notes</th> -</tr> -<tr> - <td><a href="https://baraag.net/">baraag.net</a></td> - <td><a href="https://baraag.net/terms">yes, U.S. jurisdiction, no doxing</a></td> - <td>gore must be tagged, only fictional artistic work allowed</td> - <td>federates with all instances</td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span></td> -</tr> -<tr> - <td><a href="https://fosstodon.org/">fosstodon.org</a></td> - <td><a href="https://hub.fosstodon.org/code-of-conduct">no, French/U.K. jurisdiction</a></td> - <td>no</td> - <td><a href="https://hub.fosstodon.org/instance-block-list">blocks disclosed</a></td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (masto.host serves media through Cloudflare)</td> -</tr> -<tr> - <td><a href="https://gameliberty.club/">gameliberty.club</a></td> - <td>yes, U.S. jurisdiction</td> - <td>if tagged</td> - <td>federates with all instances</td> - <td></td> -</tr> -<tr> - <td><a href="https://mstdn.io/">mstdn.io</a></td> - <td><a href="https://mstdn.io/about/more">no, French/German jurisdiction</a></td> - <td>if tagged or unlisted</td> - <td><a href="https://gist.github.com/Angristan/2f2f36452a8a23e7d8c31529f4d02487">blocks disclosed</a></td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span></td> -</tr> -<tr> - <td><a href="https://qoto.org/">qoto.org</a></td> - <td><a href="https://qoto.org/about/more">yes, U.S./European jurisdiction</a></td> - <td>if tagged</td> - <td>federates with all instances</td> - <td></td> -</tr> -</table> - -<h2 id="Misskey">Misskey</h2> - -<table> -<tr> - <th>instance</th> - <th>limited moderation i.e. <q>free speech</q>?</th> - <th>nsfw allowed?</th> - <th>block policy</th> - <th>notes</th> -</tr> -<tr> - <td><a href="https://catgirl.life/">catgirl.life</a></td> - <td>yes, U.S. jurisdiction</td> - <td>if tagged</td> - <td>federates with all instances</td> - <td></td> -</tr> -<tr> - <td><a href="https://skippers-bin.com/">skippers-bin.com</a></td> - <td>yes, U.S. jurisdiction <a href="https://neckbeard.xyz/about">(same rules as neckbeard.xyz)</a></td> - <td>if tagged</td> - <td>federates with all instances</td> - <td></td> -</tr> -</table> - -<hr id="unrecommended"/> - -<h2 id="dishonourable-mentions">dishonourable mentions</h2> - -<p>the below table is <em>not</em> a list of instance recommendations; however, I -include it because it explains why I do not currently recommend certain -instances. I include contact information for these instance admins in -case you wish for them to reconsider their policies. please <strong>do not use -this contact information with the intent to harass these -administrators</strong>; I believe it is much more productive to give -constructive criticism so that these admins can improve their instances.</p> - -<p>while some of the instances below do in fact list instance blocks, they -are inconsistent with which instances they add. you may be able to -follow certain users one day that are blocked the next.</p> - -<p>also, even though you may agree with an instance's rules, be aware that -instance blocks may collaterally affect users on other instances who do -not violate rules. I operate firmly under the belief that individuals -should be treated individually, and moderation decisions should reflect -this (and transparently so).</p> - -<p>unlike the above instance recommendation listings, I <em>will not</em> allow -admins to opt out from being listed below. if you wish to stop being -listed here, simply adopt a better approach to administration or make -your instance unavailable to users. if you have changed your policies -and want me to revise your listing, please <a href="/contact.xht">contact me</a>.</p> - -<p>I have taken care to obfuscate E-mail addresses if they were originally -in obfuscated form, for anti-spam purposes. if any contact methods don't -work for whatever reason, <a href="/contact.xht">let me know</a>, because I have -not vetted any of this information for correctness.</p> - -<table> -<tr> - <th>instance</th> - <th>why it isn't recommended</th> - <th>admin contact</th> -</tr> -<!-- -<tr> - <td></td> - <td><ul> - <li></li> - </ul></td> - <td><a href="mailto:">E-mail</a></td> -</tr> ---> -<tr> - <td>beeping.town</td> - <td><a href="https://fediverse.network/beeping.town/federation">defederates arbitrarily</a></td> - <td><a href="mailto:iliana@beeping.town">E-mail</a></td> -</tr> -<tr> - <td>cybre.space</td> - <td>instance blocklist restricted to logged-in users</td> - <td><a href="mailto:admin@cybre.space">E-mail</a></td> -</tr> -<tr> - <td>gab.com</td> - <td><ul> - <li><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (blocks Tor)</li> - <li>falsely claims <q>free speech</q></li> - <li>no clear defederation policy or moderation transparency</li> - </ul></td> - <td><a href="mailto:support@gab.com">E-mail</a></td> -</tr> -<tr> - <td>hackers.town</td> - <td><ul> - <li>seems to be Tor-hostile</li> - <li>no clear defederation policy or moderation transparency</li> - </ul></td> - <td><a href="mailto:thegibson@hackers.town">E-mail</a></td> -</tr> -<tr> - <td>is.nota.live</td> - <td><a href="https://is.nota.live/about/more#unavailable-content">inaccurate, inconsistent defederation reasons</a></td> - <td><a href="mailto:ida@is.nota.live">E-mail</a></td> -</tr> -<tr> - <td>kiwifarms.cc</td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (blocks Tor)</td> - <td><a href="mailto:pleroma@kiwifarms.net">E-mail</a></td> -</tr> -<tr> - <td>mastodon.host</td> - <td><ul> - <li>boasts <q>We […] have a very good view of the federation</q> but <a href="https://fediverse.network/mastodon.host/federation">defederates arbitrarily</a></li> - <li><q>lightly moderated</q> when in reality there is no moderation transparency</li> - <li>(personal anecdote, but I believe still worth mentioning:) admin continues to operate <a href="https://mastodon.host/@federationbot">@federationbot</a> which follows users unless they opt-out. this is unnecessary and disruptive now that relays exist (and funnily, <a href="https://relay.mastodon.host/">the admin also operates a relay</a>)</li> - </ul></td> - <td><a href="mailto:gled@remote-shell.net">E-mail</a></td> -</tr> -<tr> - <td>mastodon.social</td> - <td><ul> - <li>blocks users on other instances without notice</li> - <li><a href="https://github.com/Gargron/mastodon.social-misc#readme">inaccurate defederation reasons</a></li> - </ul></td> - <td><a href="mailto:staff@mastodon.social">E-mail</a></td> -</tr> -<tr> - <td>mastodon.technology</td> - <td><a href="https://github.com/ashfurrow/mastodon/blob/public/README.md#blocked-instances">defederates arbitrarily</a></td> - <td><a href="mailto:ash@ashfurrow.com">E-mail</a></td> -</tr> -<tr> - <td>meow.social</td> - <td>no clear defederation policy or moderation transparency</td> - <td><a href="mailto:meow@meow.social">E-mail</a></td> -</tr> -<tr> - <td>monsterpit.net</td> - <td><ul> - <li>seems to be Tor-hostile</li> - <li><a href="https://monsterpit.net/about/more">openly states</a> that they <q>are not interested in absolute federation</q> and has no clear defederation policy or moderation transparency</li> - </ul></td> - <td><a href="mailto:admin@monsterpit.net">E-mail</a></td> -</tr> -<tr> - <td>nsfw.social</td> - <td><ul> - <li><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (blocks Tor)</li> - <li>instance description quips <q>[…] anything goes as long as its legal and doesn't violate our TOS,</q> yet they block instances on grounds of <q>shitposting</q> and other invalid reasons</li> - </ul></td> - <td><a href="mailto:nsfw@bofhllc.net">E-mail</a></td> -</tr> -<tr> - <td>octodon.social</td> - <td>claims to <q>federat[e] with nearly everything,</q> yet has <a href="https://octodon.social/about/more#unavailable-content">an extensive list of instance blocks</a> with no reasoning given</td> - <td><a href="mailto:avoidstar@octodon.social">E-mail</a></td> -</tr> -<tr> - <td>playvicious.social</td> - <td>defederates arbitrarily, no transparency in moderation actions</td> - <td><a href="mailto:control@playvicio.us">E-mail</a></td> -</tr> -<tr> - <td>plural.cafe</td> - <td><a href="https://plural.cafe/about/more#unavailable-content">inaccurate, inconsistent defederation reasons</a></td> - <td>E-mail <a>admin at plural dot cafe</a></td> -</tr> -<tr> - <td>social.net.ua</td> - <td><a href="https://social.net.ua/about">defederates arbitrarily</a></td> - <td><a href="mailto:admin@social.net.ua">E-mail</a></td> -</tr> -<tr> - <td>spinster.xyz</td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (blocks Tor)</td> - <td><a href="mailto:support@spinster.xyz">E-mail</a></td> -</tr> -<tr> - <td>sunbeam.city</td> - <td>defederates arbitrarily, no transparency in moderation actions</td> - <td><a href="mailto:sunbeam.city@protonmail.com">E-mail</a></td> -</tr> -<tr> - <td>toot.cat</td> - <td><a href="https://mew.toot.cat/mw/Pub/toot.cat/block_list">defederates arbitrarily</a></td> - <td><a href="mailto:TootCat@woozalia.com">E-mail</a></td> -</tr> -<tr> - <td>vulpine.club</td> - <td><span class="cloudflare-warning" title="uses Cloudflare">uses Cloudflare</span> (blocks Tor)</td> - <td><a href="mailto:admins@vulpine.club">E-mail</a></td> -</tr> -<tr> - <td>weirder.earth</td> - <td><ul> - <li><a href="https://weirder.earth/about/more#unavailable-content">defederates arbitrarily</a></li> - <li>no official out-of-band admin contact such as E-mail</li> - </ul></td> - <td><a href="https://weirder.earth/@mykola">@mykola@weirder.earth</a> (<a href="mailto:mbilokonsky@gmail.com">E-mail</a> contact found on <a href="https://resume.myk.af/">mykola's website</a>)</td> -</tr> -<tr> - <td>yeehaw.town</td> - <td><a href="https://fediverse.network/yeehaw.town/federation">defederates arbitrarily</a></td> - <td><a href="mailto:ida@is.nota.live">E-mail</a></td> -</tr> -</table> - -<p><hr/> -<footer><p>trademark notice: the Cloudflare logo is a trademark of <a href="https://www.cloudflare.com/trademark/">Cloudflare, Inc.</a> and is used for the sole purpose of depicting the brand. I claim no affiliation with Cloudflare, Inc.</p></footer></p> -</main> - </body> -</html> diff --git a/out/files/Summitto.txt b/out/files/Summitto.txt @@ -1,103 +0,0 @@ -Date: Tue, 13 Aug 2019 12:08:33 +0000 -From: opal hart <opal@wowana.me> -To: Lucas Mul <lucas@summitto.com> -Subject: Re: PGP Packet Library -References: <CAK+RM2bhPKiw2aCjY0tbv8OqfpV+KotKL5WWXx=Ano864-xTcQ@mail.gmail.com> -Organization: Volatile -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: quoted-printable - -On Tue, 13 Aug 2019 08:43:50 +0200 -Lucas Mul <lucas@summitto.com> wrote: - -> Dear Opal, -> -> We (https://summitto.com) open-sourced a C++17 based PGP packet library. -> Using the library, you can create packets, encode and decode packet data -> and create a PGP key from e.g. a raw elliptic curve point. We've seen quite -> a lot of bad publicity for PGP lately, that's why we want to share this -> library with as many people as possible. -> -> Here you go: -> https://github.com/summitto/pgp-packet-library - -Nice, but a few things: - -I assume you simply queried keyservers and are notifying active PGP -users, or something of the sort, about this library? Or did you -approach me or my website some other way? I don't recall having any -prior relationship to Summitto, and while I am fine with unprompted -communication (otherwise I wouldn't have my E-mail address public), I am -still curious as to how people decide to reach me. - -I'm partly curious because for usual readers of my site, I believe I -make it understood how opinionated I am about certain technologies. I -rarely get correspondence originating from GMail, so seeing how your -message not only originates from Google's mail servers but also has an -ugly multipart HTML format with an image in your signature, I have to -say your message sticks out like a sore thumb from most of the mail I -get. I suggest reading about the merits of plain-text E-mail [1] and -perhaps self-hosting Summitto's MX servers. - -Also, your advocacy for PGP while at the same time not using it -yourself (or at least not publishing your key on keyservers, or -otherwise using PGP in an unorthodox fashion) leads me to believe your -proposal is somewhat disearnest. I encourage the use of PGP on my -website so I'm going to assume you make no use of PGP at all based on -this information. (Actually, after looking a bit more, I see -a key on your website [2] but it only has a key for victor@…, -which is not suitable for sending mail to you.) - - -The Summitto website itself [3] does not load properly unless either -JavaScript is enabled or CSS is blocked. This is unacceptable for a -static website. Judging from what I can see from your homepage with CSS -and JS disabled, you appear to primarily be a blockchain-based venture. -I'm too lazy to mentally parse everything else you describe Summitto to -be on the rest of your site, but to me it appears that the main goal is -to hop on a trend, a fad, as a profitable venture. Summitto's privacy -policy [4] further increases my suspicions, since you are eager to -collect analytics on users, even if it is only in-house (with the -exception of using third-party services from Twitter and LinkedIn, both -which prove to be their own hellholes that are not in any way -beneficial to the progress of technology). - - -Finally, as for the library itself [5], I express much of the same views -toward C++ as does Cat-V [6]. All I can say about your choice of C++17 -is that I do believe some people will benefit from using this library, -but personally I am very unaffected since I try my best to avoid -writing in such a language. Also, personally I have feelings against -the GPL, so even if I did find the library valuable enough to port e.g. -to C, I would be faced with licensing issues, because I make a fair -commitment to release and share my code under more-permissive licences. - -Perhaps the most important comment on the code I could make, is to -discourage use of homegrown crypto without proper third-party auditing. -If you have something like that already lined up, let me know. -Otherwise, I cannot suggest use of such a library with good intentions. - - -I will publish this message with your quoted text and my response, as -you have made no effort to encrypt to me. This way, I'm spreading the -word for you, while at the same time letting people decide for -themselves whether Summitto is reputable and competent enough to roll -its own crypto. You can find a copy on my website [7]. - -I hope my honesty does not catch you by surprise, but if this was not -the response you were expecting, then I implore you to be more careful -about where and how you market your solutions. If you're fine with -continuing on this conversation, I will make a best effort to reply. - -[1]<https://useplaintext.email/> -[2]<https://summitto.com/pgp.asc> -[3]<https://summitto.com/> -[4]<https://summitto.com/privacy-policy> -[5]<https://github.com/summitto/pgp-packet-library> -[6]<http://harmful.cat-v.org/software/c++/> -[7]<https://wowana.me/files/Summitto.txt> - -Cheers, --- -wowaname <https://wowana.me/pgp.xht> diff --git a/out/htss.xht b/out/htss.xht @@ -1,133 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>HTSS: HyperText Semantic Subset – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="HTSS%3A-HyperText-Semantic-Subset">HTSS: HyperText Semantic Subset</h1> - -<p>This is a draft for a proposed subset of (X)HTML5. None of this information is final and is subject to change without notice.</p> - -<h2 id="Why-this-instead-of-AMP%3F">Why this instead of AMP?</h2> - -<ul> -<li>AMP encourages/requires use of JS.</li> -<li>AMP utilises nonstandard HTML tags that require the use of JS to interpret.</li> -<li>AMP requires assets from a centrally-operated entity (cdn.ampproject.org).</li> -<li>AMP is currently designed to be served alongside the "canonical" HTML content. The goal with HTSS is to provide a regular subset of HTML expressive enough to serve as the canonical version.</li> -<li>AMP does not address accessibility concerns.</li> -</ul> - -<p>As an aside, AMP seems to invent the solution to a problem that only surfaced in the Web's later years. To load pages quickly, web developers and designers simply need to emphasise simplicity, and make do with more of the features of bare HTML5. Advertisers must find less-intrusive ways to market their products without compromising on usability, as well. There is plenty of literature online about AMP if you are still not convinced of its uselessness and potential harm to the Web ecosystem.</p> - -<h2 id="Key-points">Key points</h2> - -<ul> -<li>HTML documents are for HTML; it should not consist of mixed mimetypes. While JS and CSS are allowed in HTML, reserved HTML tokens still need to be entity-escaped or enclosed in a CDATA tag. The ideal solution is to serve non-HTML as separate files. This also aids in clientside caching and capabilities: the client does not have to download assets it already has, and it does not have to download assets it cannot display (CSS and images inside a text browser or screen reader, for instance). Additionally, this makes HTML cleaner by removing the use of <code>[onhover]</code>, <code>[style]</code>, and other tag attributes.</li> -<li>Content should be the primary focus. Content should either be at the very top of the page, before any navigational or supplementary site information, or accessible via a "skip to content" anchor located at the top of the page.</li> -<li>Websites should be easily navigable without the aid of CSS or JS. These assets should be additive, not required.</li> -<li>Making full use of the HTML5 standard is desirable over accepting third-party additions to the specification. Make use of standard markup when possible.</li> -</ul> - -<h2 id="What-is-required%3F">What is required?</h2> - -<ul> -<li>HTSS is a subset of HTML5 or XHTML5, therefore the document must begin with an HTML5-compatible doctype, e.g. <code>&lt;!DOCTYPE html&gt;</code> or <code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;&lt;!DOCTYPE html&gt;</code>. All other (X)HTML5 rules also apply.</li> -<li>HTSS must be advertised as an HTML- or XML-compatible mimetype such as <code>text/html</code> or <code>application/xhtml+xml</code>.</li> -<li>HTSS suggests the use of XHTML5 rather than the SGML-based grammar, but for now this is not a requirement and both the full syntax specifications of HTML5 and XHTML5 are allowed.</li> -</ul> - -<h2 id="Tag-and-attribute-requirements">Tag and attribute requirements</h2> - -<p>Which tags and attributes have specific requirements in HTSS? (CSS selectors are used to refer to tags and their attributes in this section.)</p> - -<ul> -<li>Global attributes: -<ul> -<li><code>[lang]</code> (<code>[xml:lang]</code> is also acceptable for XHTML5) should be used whenever an element's language is different from its parent: for instance, <code>html[lang=en-US]</code> defines a document as United States English, which may have a Latin excerpt as <code>blockquote[lang=la]</code>.</li> -</ul></li> -<li><code>html</code>: -<ul> -<li><code>html[xmlns]</code> is required for XHTML5-valid HTSS.</li> -</ul></li> -<li><code>b</code>: Matches the HTML5 semantic meaning, when <code>strong</code> and <code>mark</code> are not appropriate.</li> -<li><code>i</code>: Matches the HTML5 semantic meaning, in that it is intended to set off foreign language text, jargon, or internal dialogue. -<ul> -<li>Use <code>i[lang]</code> when offsetting inline foreign terms.</li> -</ul></li> -<li><code>u</code>: Matches the HTML5 semantic meaning.</li> -<li><code>q</code> must be used for quotations rather than the use of the <code>"</code> or <code>'</code> characters or any smartquote or localised variants (including <code>«</code> <code>»</code> <code>“</code> <code>”</code> <code>‘</code> <code>’</code>). Use CSS to ensure the correct quotation characters are shown in the browser.</li> -<li><code>div</code>, <code>span</code>: Used for non-semantic sectioning of the HTML document, primarily useful for CSS. These must not be used when an alternative tag is available to convey the semantic meaning of the content.</li> -<li>Following recommendation, <code>pre</code> tags denote preformatted text (text that should not wrap or have its whitespace condensed). It alone is not for source code; a <code>code</code> tag shall be used within a <code>pre</code> tag to denote a block of code.</li> -<li><code>code</code>: Following HTML5 recommendation, <code>[class^="language-"]</code> (e.g. <code>&lt;code class="language-html"/&gt;</code>) may be used to denote the programming language. This has the side effect of being recognised by popular syntax highlighting scripts.</li> -<li><code>kbd</code>, <code>samp</code>, <code>var</code> follow their HTML5 semantic meanings and should be used in place of <code>code</code> when it makes sense.</li> -<li><code>table</code>: Must be used semantically for tabular <em>data</em> and not simply for styling (use <code>div</code> and CSS for that).</li> -</ul> - -<h2 id="Forbidden-tags-and-attributes">Forbidden tags and attributes</h2> - -<p>Which tags and attributes are forbidden in HTSS?</p> - -<ul> -<li>Global attributes: -<ul> -<li><code>[style]</code> violates the exclusion of <code>text/css</code> content inside HTSS. Use separate stylesheets with appropriate selectors, for instance the use of <code>[id]</code> or <code>[class]</code> attributes.</li> -</ul></li> -<li>Event handler attributes (<code>[on*]</code> JavaScript attributes such as <code>[onclick]</code>). these violate the exclusion of <code>application/javascript</code> inside HTSS. Include script files as separate assets and register callbacks from within the script.</li> -<li>Any HTML5 tag or attribute marked deprecated.</li> -<li>Any HTML5 tag or attribute marked nonstandard and/or vendor-specific.</li> -</ul> - -<h2 id="Suggestions-for-automated-HTSS-linting">Suggestions for automated HTSS linting</h2> - -<p>Just as validators and linters exist for HTML and AMP, it is useful to have a preliminary linting for documents trying to conform to HTSS. Note that since many of the rules are semantic in nature, an automated system cannot be expected to discern correct usage of tags, as it cannot understand the content of a document in the same capacity that a human can. Such an HTSS linter could only catch low-hanging fruit: obvious syntactic violations of HTSS, such as invalid tags.</p> - -<p>Such information is also useful in creating other software that prioritises HTSS, such as an HTSS-conformant Web browser.</p> - -<ul> -<li>As HTSS is a subset of HTML5 or XHTML5, HTSS must first validate as HTML5 or XHTML5.</li> -<li>All elements that are <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element#Obsolete_and_deprecated_elements" title="Obsolete and deprecated HTML elements">deprecated or obsolete as defined in HTML5</a>, are not allowed in HTSS.</li> -<li>Event handler attributes (as mentioned above, the <code>[on*]</code> global attributes for JavaScript) and <code>[style]</code> attribute are not allowed in HTSS.</li> -</ul> - -<h2 id="Other">Other</h2> - -<p>Not in scope for HTSS, but additional points to consider:</p> - -<ul> -<li>Use of normalised URIs that are easily mapped to the underlying filesystem; meaning: -<ul> -<li>the use of file extensions such as <code>.html</code> or <code>.htm</code>, <code>.xhtml</code> or <code>.xht</code>, <code>.css</code>, <code>.svg</code>, et cetera; and</li> -<li>directories requiring trailing slash and displaying a predefined index page, for example <code>/videos/</code> for the video section of a website.</li> -</ul></li> -<li>On UNIX-based systems, the use of file permissions to denote executable (CGI) resources.</li> -</ul> -</main> - </body> -</html> diff --git a/out/permalink.xht b/out/permalink.xht @@ -1,54 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>permalink – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="permalink">permalink</h1> - -<p>I offer my site over <a href="https://geti2p.net/">I2P</a> and <a href="https://torproject.org/">Tor</a> for increased security and anonymity. you can use and share these links as you wish.</p> - -<ul> -<li><a href="http://opal.i2p/?i2paddresshelper=li5kue3hfaqhhvaoxiw2ollhhkw765myhwcijgock5rs4erdqdaa.b32.i2p">opal.i2p, HTTP</a></li> -<li><a href="https://opal.ano/">opal.ano, HTTPS</a></li> -<li><a href="http://opal.ano/">opal.ano, HTTP</a></li> -<li><a href="http://opalwxdqzyuwo2vbipp3facjuuztfjwauai7fghh2ggbcl7enuvfg6yd.onion/">opalwxdqzyuwo2vbipp3facjuuztfjwauai7fghh2ggbcl7enuvfg6yd.onion, HTTP</a></li> -<li><a href="http://opalrwf4mzmlfmag.onion/">opalrwf4mzmlfmag.onion, HTTP</a></li> -<li><a href="https://wowana.me/">wowana.me</a>, HTTPS (using <a href="https://letsencrypt.org/">Let's Encrypt</a> certificate)</li> -<li><a href="http://wowana.me/">wowana.me</a>, HTTP</li> -</ul> - -<p>switching entirely to quark and stunnel means I no longer have an easy -way to redirect users to the HTTPS version of wowana.me. any current -HSTS rules in your browser will still apply until they expire. I am -debating whether I will re-implement HSTS and redirecting or leave it -as-is.</p> -</main> - </body> -</html> diff --git a/out/pgp.xht b/out/pgp.xht @@ -1,46 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>pgp – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="pgp">pgp</h1> - -<p>my current key is <a href="/pgp/0xFB02FDAFD6C05FE4.asc"><samp>FB02 FDAF D6C0 5FE4</samp></a>. use it to encrypt your messages to me, and use it to verify my signed messages.</p> - -<p><strong>my key is ECC-only. you must have GnuPG 2.0 or newer</strong> or another compatible PGP program.</p> - -<p>when contacting me, <strong>you must provide me a public key with a <em>valid E-mail address</em></strong> or I will ignore it.</p> - -<p><strong>my old key <samp>41CE 277C 721A 889E</samp> has been revoked.</strong> you can verify this by using <kbd>gpg --refresh-keys</kbd>, <kbd>gpg --receive-keys 0x41CE277C721A889E</kbd>, or <kbd>gpg --fetch-keys https://wowana.me/pgp/0x41CE277C721A889E.asc</kbd>.</p> - -<p>I'm <a href="https://keybase.io/opal">keybase/opal</a> <span class="altnet-permalinks">{ <a class="tor-permalink" href="http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/opal">.onion</a> }</span> as well.</p> -</main> - </body> -</html> diff --git a/out/software.xht b/out/software.xht @@ -1,267 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en-GB"> - <head> - <title>my software choices – wowana.me</title> - <link rel="stylesheet" type="text/css" href="/opal.css"/> - <link href="/blog/feed.atom" type="application/atom+xml" rel="alternate" title="Blog Atom feed"/> - <meta xmlns="http://www.w3.org/1999/xhtml" name="viewport" content="width=device-width, initial-scale=1"/> - </head> - <body> - <div class="sidebar-holder"> - <header class="sidebar"> - <img class="avatar" src="https://seccdn.libravatar.org/avatar/bb7163135b77def7691f06a4e295f3d4?s=290" alt="Libravatar"/> - <h1><a class="nolink" href="/">opal</a></h1> - <p class="subheader">wowaname</p> - <nav class="topnav"> - <ul> - <li><a href="/about.xht">about</a></li> - <li><a href="/blog/">blog</a></li> - <li><a href="/contact.xht">contact</a></li> - <li><a href="/donate.xht">donate</a></li> - <li><a href="/git/">git</a></li> - <li><a href="/pgp.xht">PGP</a></li> - <li><a href="/files/">files</a></li> - <li><a href="/permalink.xht">permalink</a></li> - <li>content is <a href="https://creativecommons.org/share-your-work/public-domain/cc0">public domain</a> unless otherwise noted</li> - </ul> - </nav> - </header> - </div> - -<main> -<h1 id="my-software-choices">my software choices</h1> - -<p>a list of software I use, whether I recommend it or will attempt to -replace it (<q>good enough</q> column in table), any support channels -such as a users mailing list or a community IRC channel (lately I've -come to prefer E-mail due to its better likelihood of response), and any -other comments I may have about it. for the desktop/server software, -this list of software is what you could expect me to maintain if I make -a Linux distro of my own, which I plan to do when I have time.</p> - -<p>I hope to maintain mailing list archives for the public support lists as -well, in case anything should happen to the main archives. I have found -it helpful to have my own copy of this mail in order to easily search -for solutions to my issues, in such a way a normal web search cannot -satisfy.</p> - -<h2 id="Linux-desktop">Linux desktop</h2> - -<table> -<tr> - <th>software</th> - <th>good enough?</th> - <th>mailing list</th> - <th>community chat</th> - <th>comments</th> -</tr> -<tr> - <td><a href="https://claws-mail.org/">claws-mail</a></td> - <td><del>yes, but</del> <ins>lately having issues handling large maildirs</ins> I plan to experiment with NMH and vim to devise a better workflow</td> - <td><a href="mailto:users@lists.claws-mail.org">users@lists.claws-mail.org</a> [<a href="https://claws-mail.org/MLs.php">info</a>]</td> - <td><a href="ircs://irc.freenode.net/claws">freenode #claws</a></td> - <td>I use it to manage mail accounts, mailing list archives, RSS feeds, and newsgroup subscriptions</td> -</tr> -<tr> - <td><a href="https://tools.suckless.org/dmenu/">dmenu</a></td> - <td>yes</td> - <td><a href="mailto:dev@suckless.org">dev@suckless.org</a> [<a href="https://suckless.org/community/">info</a>]</td> - <td></td> - <td>useful for running programs and for various other tools/scripts I write</td> -</tr> -<tr> - <td><a href="https://dunst-project.org/">dunst</a></td> - <td>yes</td> - <td></td> - <td><a href="ircs://irc.freenode.net/dunst">freenode #dunst</a></td> - <td></td> -</tr> -<tr> - <td>Gajim</td> - <td>no. I'm writing <a href="https://krustykrab.restaurant/achlys.html">achlys</a> which will eventually have XMPP support if everything goes well.</td> - <td></td> - <td><a href="xmpp:gajim@conference.gajim.org?join">XMPP gajim@conference.gajim.org</a></td> - <td></td> -</tr> -<tr> - <td><a href="http://hydrusnetwork.github.io/hydrus/">hydrus</a></td> - <td>I may write a more <q>UNIX-y</q> client, but it serves my needs well as-is</td> - <td></td> - <td><a href="https://discord.gg/3H8UTpb">discord</a></td> - <td></td> -</tr> -<tr> - <td>i3wm</td> - <td>yes, fits my workflow perfectly. tiny chance I may experiment with other tiling WMs. if wayland proves to be better, I will switch to sway.</td> - <td></td> - <td></td> - <td></td> -</tr> -<tr> - <td>irssi</td> - <td>no. I'm writing <a href="https://krustykrab.restaurant/achlys.html">achlys</a> with IRC support.</td> - <td></td> - <td><a href="ircs://irc.freenode.net/irssi">freenode #irssi</a></td> - <td></td> -</tr> -<tr> - <td>KeePassXC</td> - <td>yes</td> - <td></td> - <td></td> - <td>the database format is compatible with KeePass DX for Android. I also use a Firefox extension to provide integration with XC.</td> -</tr> -<tr> - <td>Mozilla Firefox</td> - <td>no. hopefully I can lessen my need for a <q>modern</q> web browser</td> - <td><a href="mailto:support-firefox@lists.mozilla.org">support-firefox@lists.mozilla.org</a> [<a href="https://lists.mozilla.org/">info</a>]</td> - <td><a href="ircs://irc.mozilla.org/firefox">irc.mozilla.org #firefox</a></td> - <td>playing around with links2 and netsurf, heading for native compiled applications rather than webapps, et cetera</td> -</tr> -<tr> - <td><a href="https://github.com/themix-project/oomox">oomox</a></td> - <td>yes, allows for easy creation of GTK+ colour schemes</td> - <td></td> - <td></td> - <td></td> -</tr> -<tr> - <td>vim (and gvim)</td> - <td>maybe, unless nvim proves to be better</td> - <td><a href="mailto:vim@vim.org">vim@vim.org</a> [<a href="https://www.vim.org/maillist.php">info</a>]</td> - <td><a href="ircs://irc.freenode.net/vim">freenode #vim</a></td> - <td></td> -</tr> -</table> - -<h2 id="Linux-server">Linux server</h2> - -<table> -<tr> - <th>software</th> - <th>good enough?</th> - <th>mailing list</th> - <th>IRC support</th> - <th>comments</th> -</tr> -<tr> - <td><a href="https://www.dovecot.org/">dovecot</a></td> - <td>yes</td> - <td><a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> [<a href="https://www.dovecot.org/mailing-lists">info</a>]</td> - <td><a href="ircs://irc.freenode.net/dovecot">freenode #dovecot</a></td> - <td>[1]</td> -</tr> -<tr> - <td>ejabberd</td> - <td></td> - <td></td> - <td></td> - <td>[1]; using this on my laptop for wowana.me because I already have erlang for pleroma</td> -</tr> -<tr> - <td><a href="http://www.mirbsd.org/mksh.htm">mksh</a></td> - <td>yes</td> - <td><a href="mailto:miros-mksh@mirbsd.org">miros-mksh@mirbsd.org</a> [<a href="http://www.mirbsd.org/rss.htm#lists">info</a>]</td> - <td><a href="ircs://irc.freenode.net/!%2fbin%2fmksh">freenode #!/bin/mksh</a></td> - <td></td> -</tr> -<tr> - <td><a href="https://nginx.org/">nginx</a></td> - <td>while nginx is a remarkable webserver, I hope to simplify my HTTP needs to the point where a simpler httpd will suffice</td> - <td><a href="mailto:nginx@nginx.org">nginx@nginx.org</a> [<a href="https://nginx.org/en/support.html">info</a>]</td> - <td><a href="ircs://irc.freenode.net/nginx">freenode #nginx</a></td> - <td>[1]</td> -</tr> -<tr> - <td>Pleroma</td> - <td>no, planning to fork honk</td> - <td></td> - <td><a href="ircs://irc.freenode.net/pleroma">freenode #pleroma</a></td> - <td></td> -</tr> -<tr> - <td><a href="http://www.postfix.org/">Postfix</a></td> - <td>yes</td> - <td><a href="mailto:postfix-users@postfix.org">postfix-users@postfix.org</a> [<a href="http://www.postfix.org/lists.html">info</a>]</td> - <td><a href="ircs://irc.freenode.net/postfix">freenode #postfix</a></td> - <td>[1]</td> -</tr> -<tr> - <td><a href="https://prosody.im/">Prosody</a></td> - <td>yes (aside from lua dependency)</td> - <td><a href="mailto:prosody-users@googlegroups.com">prosody-users@googlegroups.com</a> [<a href="https://prosody.im/discuss">info</a>]</td> - <td><a href="xmpp:prosody@conference.prosody.im?join">XMPP prosody@conference.prosody.im</a></td> - <td>[1]</td> -</tr> -<tr> - <td><a href="https://github.com/matrix-org/synapse">Synapse</a></td> - <td>no, waiting for Construct</td> - <td></td> - <td><a href="https://matrix.to/#/#synapse:matrix.org">Matrix #synapse:matrix.org</a></td> - <td></td> -</tr> -</table> - -<hr /> - -<ol> -<li>I plan to release my configurations publicly via git.</li> -</ol> - -<h2 id="Android">Android</h2> - -<p>most apps I use are <q>good enough</q> because I have different -requirements on my mobile device than I do on my desktop. are they -perfect? probably not, but the ecosystem is fairly limited, and I have -faith that the small issues that do exist in verious apps are fixable.</p> - -<table> -<tr> - <th>app</th> - <th>comments</th> -</tr> -<tr> - <td>andOTP</td> - <td></td> -</tr> -<tr> - <td>Conversations</td> - <td></td> -</tr> -<tr> - <td>F-Droid</td> - <td></td> -</tr> -<tr> - <td>K-9 Mail</td> - <td></td> -</tr> -<tr> - <td>NewPipe</td> - <td></td> -</tr> -<tr> - <td>OpenKeyChain</td> - <td></td> -</tr> -<tr> - <td>Orgzly</td> - <td></td> -</tr> -<tr> - <td>OsmAnd~</td> - <td></td> -</tr> -<tr> - <td>Termux</td> - <td></td> -</tr> -<tr> - <td>Twidere</td> - <td>by far the best microblog app I've used. I plan to fork and focus on Mastodon API development and bugfixes.</td> -</tr> -</table> -</main> - </body> -</html>