diff options
author | Frederick Yin <fkfd@macaw.me> | 2020-04-23 19:56:10 +0800 |
---|---|---|
committer | Frederick Yin <fkfd@macaw.me> | 2020-04-23 19:56:10 +0800 |
commit | b8b525b213e6256513dce8ef20aa82889b4a63c2 (patch) | |
tree | 90af8a6c24329ae0396d25d0df0f2fefb21b6e52 /docs |
Initial commit
Custom alabaster theme
3 blogposts and 2 metaposts
Deployment script
Diffstat (limited to 'docs')
-rw-r--r-- | docs/haiku.md | 41 | ||||
-rw-r--r-- | docs/img/favicon.ico | bin | 0 -> 4154 bytes | |||
-rw-r--r-- | docs/img/rickstodon-youtube-GET.webp | bin | 0 -> 12322 bytes | |||
-rw-r--r-- | docs/img/rickstodon.webp | bin | 0 -> 49910 bytes | |||
-rw-r--r-- | docs/index.md | 5 | ||||
-rw-r--r-- | docs/meta.md | 41 | ||||
-rw-r--r-- | docs/realgit.md | 71 | ||||
-rw-r--r-- | docs/rickstodon.md | 253 |
8 files changed, 411 insertions, 0 deletions
diff --git a/docs/haiku.md b/docs/haiku.md new file mode 100644 index 0000000..5c5cc2b --- /dev/null +++ b/docs/haiku.md @@ -0,0 +1,41 @@ +# Haiku collection + +This is a collection of haiku I composed on February 19, 2020, published on mastodon.technology. See [thread](https://mastodon.technology/@fakefred/103683337253008138). + +## Printer + +I do not have the +Slightest fucking intention +To fix that printer + +Background: my inkjet jammed up. + +## Arch in a Nutshell + +What goes wrong if I +`sudo pacman -Syu`? +Google "Arch rollback" + +How to read: + +- `-Syu` is pronounced "S Y U". + +## Python + +``` +#!/usr/bin/python +# what if it gets self-aware? +raise SystemExit +``` + +How to read: + +- `#!/usr/bin/python`: "user bin python" +- `#` is silenced + +## Paccache + +`$ sudo paccache -r` +20 gigas freed from disk +very delighted + diff --git a/docs/img/favicon.ico b/docs/img/favicon.ico Binary files differnew file mode 100644 index 0000000..c6dbd3a --- /dev/null +++ b/docs/img/favicon.ico diff --git a/docs/img/rickstodon-youtube-GET.webp b/docs/img/rickstodon-youtube-GET.webp Binary files differnew file mode 100644 index 0000000..c5c70aa --- /dev/null +++ b/docs/img/rickstodon-youtube-GET.webp diff --git a/docs/img/rickstodon.webp b/docs/img/rickstodon.webp Binary files differnew file mode 100644 index 0000000..5a64e3f --- /dev/null +++ b/docs/img/rickstodon.webp diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..ee1b9ea --- /dev/null +++ b/docs/index.md @@ -0,0 +1,5 @@ +# You are in the wrong place. Leave. + +Why are you here? Are you here because you wanna "learn more" about me, you creep? Or you wanna know some metadata? Go to [the meta page](/meta). Nobody should be checking the index page; I put it in here merely because this damn thing navigates with hashes and it won't let me update if I don't include the index. I would never share the index page of my blog. If you are here to check for updates, you have done something **monumentally wrong**. There is no such thing called an "update". This is a mere archive of textual rant and thonks that would otherwise be unfit in a comic. If I ever wanted you to read an article of mine, I would attach the entire path to it. Under and only under this circumstance should you check my "blog". + +Oh, you're not leaving. Good. I wish I could just put `</body>` here so that the webpage would end, but you would just hit devtools and read the source. As to the non-tech-savvy audience, they would just hit refresh ever so frantically wondering what the heck is up with their internet. You may not proceed. Leave immediately. Leave before the `</p>`. This is a threat. diff --git a/docs/meta.md b/docs/meta.md new file mode 100644 index 0000000..c80807d --- /dev/null +++ b/docs/meta.md @@ -0,0 +1,41 @@ +# Blog Meta + +## PGP + +[PGP PUBLIC KEY BLOCK](https://fkfd.me/static/fakefred.asc) + +`AC06 E08F D1BC F73A 9A0C 7956 E7A7 854F 5BFC A33B` + +## License + +[CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/) unless otherwise stated. + +## Contact + +[Mastodon.technology](https://mastodon.technology/@fakefred) + +[fkfd@fkfd.me](mailto:fkfd@fkfd.me) + +## Medium + +Tired of social media buttons and excessive fancy animations provided by too many blogging themes, I quit. So here you are, in a static-site blog generated with MkDocs (a documentation engine written in Python, like Sphinx, which is known for its appearance in ReadTheDocs). I call this "Blogumentation". + +Here is a list of blogging media I was more reluctant to use: + +- A static site generator I got from [trivial technologies](https://trivial.technology/), literally named "ssg", written in Perl. It is currently used for + [usable technologies](https://fkfd.me/ut). +- A self-hosted pastebin. The links would be a mess, albeit short. +- HTML+CSS from scratch. Not mobile-friendly, and I'm too lazy for it. +- Sphinx. Its major language is rst, which I do not master. +- Hugo. I didn't want a Go environment on my machine. + +key | value +-----------|---------- +features | not many +speed | fast enough +SEO | doesn't matter +javascript | none +analytics | none +trackers | none +original | yes +DMCA takedown notice | fuck you diff --git a/docs/realgit.md b/docs/realgit.md new file mode 100644 index 0000000..e6eb487 --- /dev/null +++ b/docs/realgit.md @@ -0,0 +1,71 @@ +# The Real Git + +This post is for young developers like me, ditching GitHub/Lab for Gitea with a self-recognition as a hipster. There is a TL;DR at the bottom. + +For too long have I held the incorrect belief that we needed a GitHub alternative that federates, and joins the fediverse using ActivityPub. Well, it could be a thing. Gitea is good, and I'd be pleased to see it get better by implementing AP. + +## Interface + +Ask yourself: is a web app the only way to do issues/tickets, pull requests/merge requests, etc? Golden Krishna, in his book *The Best Interface is No interface*, sharply criticizes how people take it for granted that a good product deserves a good UI. It would be a no-brainer for them to "Slap an Interface on it". Over the course of GitHub's "success", shiny tabs labeled "issues" and "pull requests" gain ubiquity on other VCS frontends. It disrupted the industry. + +How did developers contribute to FOSS projects back when GitHub wasn't a thing? Well, before StackOverflow, we had forums. Similarly, before GitHub, we had mailing lists. It has been long known to me that the Linux kernel is developed on a mailing list, where contributors would submit patches and receive a *Wish You Were Never Born, Dumbass* Certificate from Linus. However I, along with many others had no idea how it's *actually* done. Check out [the PR page of the Linux repo on GitHub](https://github.com/torvalds/linux/pulls). *Too many* people have mistaken a web UI, if not limited to GitHub, for *the* development platform for *anything*. Well, it's definitely not how Linux is developed. + +The web interface is intrusive. You may be unsurprised to hear some people, typically new coders making their own GitHub page, code directly into GitHub's web editor, commit one file at a time, and test changes in the browser. It's the UI mindset. GitHub and websites alike hijacked us, and we didn't even know. The reason why will be analyzed. + +You notice a clear distinction between "coders" and "developers": it's like human evolution, the command of tools. Git is a tool; so is GitHub. A tool is intended to excel at a limited range of work. If you cry about how GitHub sucks as a cloud drive, you are cracking a walnut with a drill. Sharpening your skill is a superset of mastering the toolchain. Likewise, it seems sensible for me to, at this point of my coding hobby, leap out of the interfaces and embrace what Git should have been. After all, what we really wanted is not an interface, but a workflow, in which field Git's utilities work just fine. + +## The Real Git + +I will use [sourcehut](https://sourcehut.org/), aka sr.ht as an example. I stumbled upon it a while ago, but it wasn't until yesterday that I tried it out for its simplicity. Simple as in no bloat, not in being for dummies. For starters, there's no JavaScript. Really, you should check out its interface. Or not. It doesn't matter, something else does, and I sincerely regret having overlooked this "selling point": the absence of selling points. The UI does not only *look* simple, it *is* simple. You can't do pretty much anything with it. For this reason, I refuse to call it "Git on steroids"; instead, it's "Git without hurdles", hurdles scattered in your dev work every single day. OK, listen carefully: all the interactions I used to assume to be web-only, happen on mailing lists. To submit a patch (retro version of "pull request" - remember that?), you simply commit your changes locally, run this command: `git send-email --to="~user/repo@lists.sr.ht" HEAD~`, and your patch is out there waiting for review. Of course, a shitload of configuration has to be done ahead, which is partly why this email-driven development hasn't really taken off in the younger demographic. + +Despite its drawbacks, I find it superior to web apps. First of all it obviously saves bandwidth as well as time, since no time is wasted on the UI; the terminal plus an email client satisfy all needs. Second is because it's *dank as shit*. With the right configuration, you can set up a TUI email client, which enables you to combine the entirety of your workflow in the terminal. Finally, and the **most importantly**: it does *not* require an account for contributors to submit a patch. All it takes is your email address as your identity, and an email containing your patch. And *this*, is how Git is supposed to work. Read more on @OTheB's blogpost, the one that had me sold: [how to use git](https://boxin.space/post/how-to-use-git) (with fancy screenshots I'm too lazy to take). I'm not asking you to stop using web UI's; I'm reasoning how the alternative is more efficient, and should be considered as a solid option. + +### When is this approach favorable? + +Under what circumstance should you try this? When you're in a (probably small in core contributors) team maintaining a project actively. Mails feel more like a to-do list for today than a kanban for this month, as you may find in a web forge. Patches and feedback get stuck in the mailbox before you resolve them. You'll be more motivated to fix them or respond to them. + +## Pains + +### Email + +With any given Git hosting platform with a fancy UI, you very likely use your email to login. After that, you only occasionally receive notifications in your mailbox. Stuff happens over HTTP mainly, so it doesn't matter if you're using a shitty webmail interface like GMail. Let's say you ditched GitHub and went all in on email-driven development. Now email becomes a crucial part of your web-free workflow, and you can't just use another web interface while expecting to be a 10x dev. Furthermore, the email address is no longer *part* of your identity; it *is* your identity. Your patches are submitted through it, PGP key generated under it. So it is utterly critical to get this right before you even start. + +#### Provider + +It would be best if you have a personal server and are able to install a mail server yourself. I can't. Fortunately, I found a provider, thanks to [Drew DeVault's recommendation](https://cmpwn.com/@sir/102452352875414214) (first on the list). (Oh, did I mention Drew is Sourcehut's creator?) + +#### Local client + +IMAP and SMTP are old. This means were you to manually set up your account, there'd be standards and conventions, old and new, in any given field to fill out when configuring a client. For example (excuse my stupidity), TLS and STARTTLS are somewhat different, but I'm too lazy to check. I spent a tediously long time configuring 5 clients, 2 of which are working. + +In the [list.sr.ht wiki](https://man.sr.ht/lists.sr.ht/etiquette.md), I learned to [use plain text in email](httpd://useplaintext.email) and keep email etiquette in mind. This is easily achievable. + +I also had a reasonably short time setting up an SMTP client (turns out to be different from an fully-fledged email client), namely `msmtp`. It's a CLI utility for sending emails. You can configure `git send-email` to use it as one of the possible methods. See [git-send-email website](https://git-send-email.io/). + +### Community + +Admit it: mailing lists, although barrier-free, rarely gets as much attention as a web UI like a GitHub issue thread. Also, easy it may have been for you to get a email address you're proud to tell others, others' may be crap like SweeetBabe.69owo@gmail.com. Using email just feels more personal. For this reason, I suggest we use email-driven development for collaborative projects with a firm maintainer team, encourage experienced devs to join, and leave the mailing list as a feedback channel for regular users. Keep a mirror on a "regular" forge, as is the case for Linux, but I can't help cringing at [how](https://github.com/torvalds/linux/pull/695) [many](https://github.com/torvalds/linux/pull/708) [joke](https://github.com/torvalds/linux/pull/727) [PR's](https://github.com/torvalds/linux/pull/753) [it's](https://github.com/torvalds/linux/pull/767) [got](https://github.com/torvalds/linux/pull/779). (I mean, *some* of them are funny.) And a bot would reply under them, taking them to the mailing list. When you make a mirror, however, perhaps you should tell people about it in advance. + +## Reflection + +I reflected on myself, the guy who thought himself a hipster migrating from GitHub to Codeberg. + +### Why had I never heard of email-driven development? + +At the news GitHub banned Iranian users without notice under the sanction, I was equally outraged as many of its users. I reached out to [ForgeFed](https://forgefed.peers.community/) to discuss how we should make federated forge services, unaware the distributed nature of Git itself. I also started an issue thread in a repo protesting GitHub's abrupt decision, under which although one person noted how Git is decentralized already, nobody seemed to bring up anything about mailing lists or stuff like `git am`. I suppose the mailing list gang had left GitHub for good? A few days later, speaking up my opinions on IRC, some friends reminded me of the email-as-an-identity thing, but still no mailing list. So, that's basically why I heard of such a thing nine months later than I should have. + +### What made me think web UI is the orthodoxy? + +It's the first impression. GitHub (ironically) is my first mentor in FOSS. Like many others, I had no idea what GitHub and Git actually are, nor their relationship. As a result, it became a mindset, a mindset where I push buttons for actions and click checkboxes for options. It's undesirable, if you know what I mean. It's a shame for a Linux user for 3 years to be stuck in the web app for what could've been done in the terminal. Interfaces made email appear more old-fashioned than it really is, and this illusion harmed me. I wish I could ask for compensation. + +### How many other young devs exactly like me are out there, suffering? + +A lot. While beginners tend to wet their hands in a web environment they're familiar with, others like me will regret not having heard of the opposite sooner. That's why I'm asking you to share the word to whoever wants to take their development efficiency one level higher. Not necessarily on sr.ht (they do release their applications as free software, with the need of a mail server). It's worth learning how to amend a commit, rebase, etc. + +## TL;DR + + Many people believed the GitHub-like UI is the way all FOSS is developed. They are wrong. A web UI is not the only nor the original way to use git; you could use [git-send-email](https://git-send-email.io) to submit patches in mailing lists, and as maintainers you can merge them using git's stock utilities. Some people have never heard of the latter because they were never told about it; meanwhile, the web UI has hijacked their mindset. [Sourcehut](https://sourcehut.org/) is an example of email-driven development with a minimalistic web frontend. In such development scheme you will find your workflow more efficient, especially if you are used to a terminal. The obvious pain in the neck is a good mailbox as your identity and a local client that doesn't suck. I hope you're experienced enough to figure those out. Then it's the low public exposure of a mailing list. Perhaps maintain a mirror on a UI-driven site as a portfolio. + + The reason why I had never heard of such a thing before is no one told me the exact thing I needed to know. Also GitHub formed the stereotype of a git forge. There are certainly other young people suffering, unaware of email-driven development being an option. Tell them this thing has been around for 15 years. + +Last updated: 2020-04-23 diff --git a/docs/rickstodon.md b/docs/rickstodon.md new file mode 100644 index 0000000..45a69d7 --- /dev/null +++ b/docs/rickstodon.md @@ -0,0 +1,253 @@ +# Rickstodon - Rickroll Your Friends (or Foes) With A Fake Mastodon Registration Page + +## -- Introducing a new way to present an old prank + +![screenshot with most of the buttons and links on the page pointing to the signature rickroll cover image on youtube](img/rickstodon.webp) + +See [video demo](https://fkfd.me/static/rickstodon.mp4); hosted on [social.fkfd.me](https://social.fkfd.me); see [Codeberg repo](https://codeberg.org/fakefred/rickstodon) + +## How to host it? + +Because Mastodon is licensed under AGPL, and the frontend is not explicitly excluded, I doubt the legitimacy to redistribute it unlicensed. Therefore, this repo only contains a guide to make your own Rickstodon in N easy steps. You need either a working nginx, or python+pyramid. + +## Prepare a place for your prank + +Get a domain. If you already have one, you can always add a subdomain record into its DNS settings, typically available in the registrar's web panel. For example, `social.[your.domain]` is a subdomain that seems totally legit. Set up an A/AAAA record pointing to your server IP. Let's call this domain `social.legit.website` throughout the tutorial. + +## Capture the Mastodon + +Go to a Mastodon instance you are logged out of. You will be redirected to its about page, which looks like the screenshot above. Download the page using your browser, including the files. Chromium seemed to be unable to fetch the files? idk. Firefox works fine. Press ctrl+s to save `about.html`, as well as its embedded files into a directory called `about_files`. + +You will see your files in a structure like: + +``` +about.html +about_files/ + common-9fa4342b.css + d96d39a0abb45b92.png # admin avatar + f6a76f37d508b407.png # user avatar + fc87edd00a925e4c.png # user avatar + 56270e3bbd5ef1a4.png # user avatar + vlcsnap-2018-08-27-16h43m11s127.png # the mastodon-paper planes-trumpet picture + common-a45d1c15f1388e6b8338.js + default-78232038.css + favicon.ico + locale_en-0b1defbea6f42c8f057f.js + public-5e7c276e9e232153d9c4.js +``` + +Open `about.html` in your browser. The files should load in their respective place because the filepaths are substituted with `/about_files/xxx`, except for external links, which are retained, e.g. `Documentation` links to `https://docs.joinmastodon.org/` unchanged. + +Now that you've shut the mastodon in the cage, this is where the fun begins. + +## Teaching the Mastodon to rickroll + +Open and edit `about.html`. It is quite large for some text editors (~25 KiB). It's unindented by default. Format it using a code formatter to save your eyes from burning. + +Remember the site you fetched the page from? Change all occurrences of that site (for example, `mastodon.social` to yours: `social.legit.website`. For example, in `<head></head>`, you may see the following: + +```html +<link href="https://mastodon.social/about" rel="canonical" /> +<meta + content="Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!" + name="description" +/> +<meta content="Mastodon hosted on mastodon.social" property="og:site_name" /> +<meta content="https://mastodon.social/about" property="og:url" /> +<meta content="website" property="og:type" /> +<meta content="Mastodon" property="og:title" /> +<meta + content="Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!" +/> +``` + +Edit the URL's, edit meta content, you name it. The meta content also goes into the visible `<div class="hero-widget">`; search for it and replace its text. + +Done? Good! Now when you check out your site, it has your domain on it. But things are not right! People won't believe that this instance, unexpectedly under Eugen's administration, could attract 503k users in two short days. You need to modify those data as well. Search for `Administered by:` and `Server stats:`. These data are right under them. A value like 41 users/32 MAU is adequately deceiving. + +But waaaaait. You still have Eugen's avi beside your name. This is easy: get your avi, place it under `about_files`, change those filenames in `about.html` accordingly. Same for other people's avis you wish to show. Under the `Administered by:` there is: + +```html +<div + class="account__avatar" + style="width: 36px; height: 36px; background-size: 36px 36px; background-image: url('/about_files/d96d39a0abb45b92.png')" +></div> +``` + +Replace `d96d39a0abb45b92.png` with your image, under the same directory. Alternatively, just name your avi `d96d39a0abb45b92.png`, overwriting the original. + +Find an element called `<div class="directory">`. Below are at most three user avatars. You can modify their avis if you wish. Perhaps include yours in them. It's like this: + +```html +<div class="directory"> + <div class="directory__tag"> + <a href="/explore"> + <h4> + <i class="fa fa-address-book fa-fw"></i> + Discover users + <small>Browse a profile directory and filter by interests</small> + </h4> + <div class="avatar-stack"> + <img + alt="" + class="account__avatar" + src="about_files/d96d39a0abb45b92.png" + width="48" + height="48" + /> + <img + alt="" + class="account__avatar" + src="about_files/f6a76f37d508b407.png" + width="48" + height="48" + /> + <img + alt="" + class="account__avatar" + src="about_files/fc87edd00a925e4c.png" + width="48" + height="48" + /> + </div> + </a> + </div> + <!--other stuff--> +</div> +``` + +Yeah, it's literally just all the `*.png`s. + +Now for the final step tampering the frontend, we need to reconfigure the buttons so they take unsuspecting visitors to the classic music video for a classic song. Search for the button called `Sign up`. It is in an HTML form, so clicking it will take us to `/auth`; no good! We want to rickroll the visitors, not sign up an account for them. Scroll up till you meet with this line: + +```html +<form + class="simple_form new_user" + id="registration_new_user" + novalidate="novalidate" + action="/auth" + accept-charset="UTF-8" + method="post" +></form> +``` + +You see, the `action="/auth"` is the command that takes us to `/auth`. Remove it, along with `novalidate="novalidate"` and `accept-charset="UTF-8" method="post"`, because we're making it no longer a real form that sends requests. Keep the class, for it is used by stylesheets. Without it the form will look primitive, and people will find out. Then, find the `</form>` after it. It shouldn't be far away. Change `<form ...>` to `<div ...>`, `</form>` to `</div>`. This prevents form submission from being invoked when the button is clicked. Find another form below, with a button called `Log in`. Do the same to it. An example: + +```html +<div class="simple_form new_user" id="login_new_user"> + <input name="utf8" type="hidden" value="✓" /><input + type="hidden" + name="authenticity_token" + value="..." + /> + <div class="fields-group"> + <div class="input email optional user_email"> + <!--email--> + </div> + <div class="input password optional user_password"> + <!--password--> + </div> + </div> + <div class="actions"> + <button name="button" type="submit" class="btn button button-primary"> + Log in + </button> + </div> + <p class="hint subtle-hint"> + <a href="/auth/password/new">Trouble logging in?</a> + </p> +</div> +``` + +Remember the buttons? Yes, the `Sign up` and `Log in`. We need them to, when clicked, rickroll the visitors. Therefore, add an `onclick` action to both of them: + +```html +<button name="button" <!--add this line below--> + onclick="window.location.replace('https://www.youtube.com/watch?v=dQw4w9WgXcQ')" + class="btn button button-primary"> Sign up +</button> +``` + +Done! Now we've officially set up the frontend to rickroll visitors if they ever try to sign up or log in. You can test it in a browser. But waaaaaiit. What if they clicked on stuff like "Discover users" or the admin's profile? We need to set up redirections; they are called 301's, taken from their HTTP response code. I will introduce two ways to do it: nginx and python+pyramid. Feel free to fork and add stuff like python+flask, node.js+express, apache, etc. + +## Pretending innocent (2 methods) + +### nginx + +1. Check out `nginx.config`. What you see here is a server block for nginx. Place it either in your existent config file (typically in `/etc/nginx/sites-available`), or alongside with it renamed as something else. + +2. Look into the file: + +``` +# ... +# redirect the following paths to rickroll video +# the tilde (~) means regex; vertical bar (|) means 'or'. +# add more user names if necessary. +location ~ (/terms|/about/more|/public|/explore|/@USERNAME|/auth/password/new) { + return 301 https://www.youtube.com/watch?v=dQw4w9WgXcQ; +} +``` + +The chain of paths catch all the links visitors will likely take a peek at. Replace `USERNAME` with your own username. + +3. symlink this file to /etc/nginx/sites-enabled: `ln -s /etc/nginx/sites-available/FILENAME /etc/nginx/sites-enabled` + +4. Check if there are any blatant problem. + +5. Restart nginx: `nginx -s restart` + +6. Go to your prank domain/subdomain to check result. Click on links to see if it works. + +> "it doesn't work... why?" +> Look, I'm not an nginx expert. Maybe you can try using python+pyramid? + +### python+pyramid (plus a little nginx reverse proxy) + +1. Install python3 and pyramid (`pip3 install pyramid`). If pip says requirements are satisfied, but anything goes wrong later, run this with `--upgrade` to see if it's because of an ancient version. + +2. Put `web.py` in the same directory as `about.html`. + +3. Open and edit the file, just like the nginx one. + +4. Run `web.py` as a background process. Use a screen, tmux etc session or a process manager for it. This is out of scope. + +5. You still need to configure nginx for a bit. Sure, there are other reverse proxies but nginx is the only one I possess knowledge of. Add this block to your nginx config file: + +``` +server { + server_name [host]; # [host] is the domain of your rickstodon page, e.g. social.legit.website + + root /var/www/html; # whatever + index index.html; # whatever + + location / { + # if port 3904 is already taken, change this value both here and in web.py + # if so, re-run the modified python script + proxy_pass http://localhost:3904; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } +} +``` + +6. Restart nginx: `nginx -s restart` + +7. Go to your prank domain/subdomain to check result. Click on links to see if it works. + +## Additional steps + +1. Use HTTPS on your website for best deception. A mastodon instance without it is bound to raise suspicion. Use Let's Encrypt to generate a certificate for your (sub)domain. Sorry, LE. + +## Drawbacks and vulnerabilities + +1. If you have set up Rickstodon with nginx, the browser may make a GET request to youtube.com that reveals your intention. Like this: + +![screenshot of a GET request to https://www.youtube.com/watch?v=dQw4w9WgXcQ in devtools](img/rickstodon-youtube-GET.webp) + +If the user's network is slow, they may notice youtube.com loading in the bottom bar in a desktop browser. + +## Summary + +By now you should have already be savoring the joy from imaginary scenarios where people shout "whoa what the fuck" at a dancing dude. I have played this trick on my mastodon account this April Fool's day. It went... *nicely*. This repo is unlicensed, so you are always welcome to try and improve, and invent better ways to rickroll people. Thank you for coming to my TED talk. |