From 6f3ee2326bde11350639eb8c1b0bb6be4deef791 Mon Sep 17 00:00:00 2001 From: Frederick Yin Date: Fri, 7 Jan 2022 22:46:24 +0800 Subject: Reorganize all past blogposts --- docs/gemini_tldr.md | 130 ------------- docs/haiku.md | 41 ----- docs/how_fkfd_is_made.md | 52 ------ docs/img/avi_triplehat_diecut.png | Bin 0 -> 23505 bytes docs/img/rickstodon-youtube-GET.webp | Bin 12322 -> 0 bytes docs/img/rickstodon.webp | Bin 49910 -> 0 bytes docs/index.md | 6 +- docs/meta.md | 48 ++--- docs/projects/img/rickstodon-youtube-GET.webp | Bin 0 -> 12322 bytes docs/projects/img/rickstodon.webp | Bin 0 -> 49910 bytes docs/projects/index.md | 28 +++ docs/projects/rickstodon.md | 255 ++++++++++++++++++++++++++ docs/random/gemini_tldr.md | 132 +++++++++++++ docs/random/how_fkfd_is_made.md | 52 ++++++ docs/random/index.md | 12 ++ docs/random/realgit.md | 71 +++++++ docs/realgit.md | 71 ------- docs/rickstodon.md | 253 ------------------------- docs/shitpost/fake_moon_landing.md | 19 ++ docs/shitpost/haiku.md | 41 +++++ docs/shitpost/index.md | 10 + docs/shitpost/rousseau_and_schopenhauer.md | 22 +++ 22 files changed, 663 insertions(+), 580 deletions(-) delete mode 100644 docs/gemini_tldr.md delete mode 100644 docs/haiku.md delete mode 100644 docs/how_fkfd_is_made.md create mode 100644 docs/img/avi_triplehat_diecut.png delete mode 100644 docs/img/rickstodon-youtube-GET.webp delete mode 100644 docs/img/rickstodon.webp create mode 100644 docs/projects/img/rickstodon-youtube-GET.webp create mode 100644 docs/projects/img/rickstodon.webp create mode 100644 docs/projects/index.md create mode 100644 docs/projects/rickstodon.md create mode 100644 docs/random/gemini_tldr.md create mode 100644 docs/random/how_fkfd_is_made.md create mode 100644 docs/random/index.md create mode 100644 docs/random/realgit.md delete mode 100644 docs/realgit.md delete mode 100644 docs/rickstodon.md create mode 100644 docs/shitpost/fake_moon_landing.md create mode 100644 docs/shitpost/haiku.md create mode 100644 docs/shitpost/index.md create mode 100644 docs/shitpost/rousseau_and_schopenhauer.md diff --git a/docs/gemini_tldr.md b/docs/gemini_tldr.md deleted file mode 100644 index c631968..0000000 --- a/docs/gemini_tldr.md +++ /dev/null @@ -1,130 +0,0 @@ -# Gemini TL;DR - -For any internet protocol, you can either make it a few thousand words long, or make it 114M. Of course, we know this 114M wasn't there in the first place. W3C has tried very hard to standardize the web, without guarantee it would be simple. So, what we have now is a collaborative system where it's easier to introduce a standard than to deprecate one (remember Adobe Flash?). It's reassuring to know there isn't a central megacorp monopolizing the web, but this openness comes at a cost. It's when evangelical developers who can't program proper desktop apps abruptly choose to make a new web framework, a parasite on web browsers - one of the only things that are largely cross-platform. Because the work of portability has been handled by Mozilla, Google, etc, not by themselves, there is virtually no limitation regarding what you can do with it. If a handful of people suddenly like your "standard", all modern browsers will get to support it eventually. - -[Gemini](https://gemini.circumlunar.space/) is a young protocol that's slightly heavier than Gopher, but radically more lightweight than the Web. Its [spec](https://gemini.circumlunar.space/docs/spec-spec.txt) is 4.4k words long as of time of writing, which, excluding the appendix, is a 20-minute read if you skim past the microscopic details. Here is a TL;DR of the specs that's ~1k words long. - -## Prerequisites - -Before you proceed, there are a few fields of knowledge that you need to temporarily throw away while reading this post, plus a few you don't. Most of the former is HTTP-related. - -### Throw away entirely - -- CSS -- JavaScript(R)(c)TM -- All the fancy frameworks you have learned about (flask, jinja, react, jquery etc.) -- Apache and nginx - -### Place within arm's reach - -- HTML -- HTTP: - - headers - - 3-digit status codes - - verbs, e.g. GET, POST - - cookies - -### Do not throw away - -- TCP -- TLS - -## Gemini spec - -### Synopsis - -- "Gemini" is the name of a [crewed space mission by NASA](https://en.wikipedia.org/wiki/Project_Gemini). -- this spec is not complete, but probs won't change a lot soon. -- gemini transports data via TCP/IP on port 1965 because the first crewed flight of Gemini was on March 23, 1965. This means unprivileged users can run a gemini server, too. - -### Requests and Responses -- Gemini terminates lines with CRLF (`\r\n`) in requests and response headers. -- Everything should be UTF-8. -- Client sends a request to server: `\r\n`. -- Server first responds with a response header: ` \r\n`. -- Speaking of status codes, some helpful ones are `20 SUCCESS`, `30/31 REDIRECT`, and `51 NOT FOUND`. Status codes with the same leading digit belong to the same category and are treated similarly in clients. -- If server returns `2x (SUCCESS)`, it will send a response body (e.g. the page requested, the file the client wishes to download, etc.) right after the response header. In such case, the `` in the header should be the MIME type of the content. -- If the response body belongs to MIME type `text/*`, it should use CRLF as its linebreak. LF is also accepted. -- No support for compression or chunking of the content. -- There is no keep-alive. A TCP connection is closed right after a request and response, and must be re-initiated should the client make another request. -- Sending requests whose URL scheme is not gemini is called "proxying", and is not supported by most servers. - -### `text/gemini` - -- By default, the response body MIME type is `text/gemini`. -- You can also serve other types, of course, but you'll have to specify in `` of the response header. -- The following list will teach you how to write `text/gemini`. - -#### Line types - -1. Text lines: ezpz, just normal text. Authors and servers should not "hardwrap", i.e. limit column width to e.g. 80 chars; the client should wrap a long line containing the entire paragraph into a block. -2. Link lines: any non-preformatted line starting with `=>` is a link line. It should be followed by a URL, then optionally a link description. Like this: - -``` -=> gemini://fkfd.me/ fkfd.me geminispace -``` - -which is equivalent to this in HTML: - -``` -fkfd.me geminispace -``` - -Expect absolute and relative links, and ones that aren't even on gemini. - -3. Preformatted lines: any line between two lines that read ````` (3 backticks) is a preformatted line. Just like markdown. Like this (prefixed with a space in order not to interfere with formatting): - -``` - ``` - Without preformatted lines, ASCII art wouldn't have been possible! - ``` -``` - -It should be rendered as monospace. - -4. Heading lines: any non-preformatted line starting with 1-3 hashes is a heading line. Also, you know, sure, like markdown. Like this: - -``` -# h1 -## h2 -### h3 -#### nope, not a heading -###interestingly, the whitespace is optional -``` - -5. Unordered list items: any non-preformatted line starting with an asterisk is an unordered list item, i.e. an item of a bullet list. Like this: - -``` -* list item 1 -* list item 2 -*whitespace is optional again -* although if I want to mimic italics it would be -*pretty* hard -* to distinguish it from list items -``` - -### TLS - -- TLS is mandatory for Gemini. -- You must use TLS 1.2+; 1.3+ is encouraged. -- A client can trust whatever cert it sees, but the recommended approach is to implement a TOFU (Trust On First Use) system, where: - - you trust the cert the first time you visit a site, even if it's self-signed - - you remember it - - every time you access the site, it sends you this very cert, so you know everything's fine - - the client will warn the user if the server abruptly sent a different cert when its previous one hasn't expired yet: likely a MITM attack (but also likely the site admin just replaced their cert for some reason). - -This eliminates the need for a CA, thus making TLS and gemini itself more accessible and widespread. - -- A client can prove its identity with a "Transient client certificate". - - on a site that asks for one, client generates and sends a cert (regular sites don't; such procedure must be manually approved by the user) - - the cert is sent along with all subsequent requests to this host - - server can identify this user now - - this is like cookies in practice, but very different in implementation - - one cert is limited to one domain - - one cert should not exist for longer than 24 hours; it's for one session only. - -## Conclusion - -This is it; 4.4k words of gemini spec summarized & exemplified in ~1k words. Whether you're reading this on Gemini or the Web (or gopher), I encourage you to join this community of members who are seeking asylum from the debris of the modern web. Gemini is still in an early stage; loads of decisions to make, and lots of pitfalls that the web has fallen in to avoid. This concludes our journey around the gemini spec today; see you in low space orbit. - -Oh, also, [McRoss](https://git.sr.ht/~nhanb/mcross) is an awesome GUI client. diff --git a/docs/haiku.md b/docs/haiku.md deleted file mode 100644 index c6ffd1e..0000000 --- a/docs/haiku.md +++ /dev/null @@ -1,41 +0,0 @@ -# Haiku collection - -This is a collection of haiku I composed on February 19, 2020, published on mastodon.technology. See [thread](https://mastodon.technology/@fakefred/103683337253008138). - -## Printer - -Background: my inkjet jammed up. - ->I do not have the -Slightest fucking intention -To fix that printer - -## Arch in a Nutshell - -This one is my favorite. `-Syu` is pronounced "S Y U". - -> What goes wrong if I -`sudo pacman -Syu`? -Google "Arch rollback" - -## Python - -``` -#!/usr/bin/python -# what if it gets self-aware? -raise SystemExit -``` - -How to read: - -- `#!/usr/bin/python`: "user bin python" -- `#` is silenced - -## Paccache - -This is a real story. - -> `$ sudo paccache -r` -20 gigas freed from disk -very delighted - diff --git a/docs/how_fkfd_is_made.md b/docs/how_fkfd_is_made.md deleted file mode 100644 index dc54baf..0000000 --- a/docs/how_fkfd_is_made.md +++ /dev/null @@ -1,52 +0,0 @@ -# How an FKFD Comic is Made - -I don't consider myself a cartoonist, let alone good cartoonist. I am unqualified at comics in all aspects, you know? I can hardly draw anything that's not a rectangle, circle, or straight line; for every final stroke you see on the canvas, I have undone and redone three times; my update frequency is like `abs(tan(x/k))` where k is around 10 days\^-1 [1]. One day in May I pushed 4 comics. And then I completely skipped June. - -Let me keep it short and talk about how an fkfd comic is made. Not technical details (i.e. export as webp, then png, then run `./submit.py`...) but how I come up with ideas and express them in comics. - -## Life -> Idea - -However boring your life may be, you always find ideas bumping from inside your brain; they may just be a little dull. I catch my inspirations right away when I come up with one. Here is a list of common ideas. - -- I look at things that vaguely resemble others, and make fun of that[2]. -- I ask myself questions "what if we...?" and imagine the possibilities in the wildest way[3]. -- I contemplate about today's society and world, and when I cannot squueze jokes out of them, I make them look thought-provoking[4]. -- I voice concerns about today's technology and its relationship with human life[5]. -- Also comics that are straightforward xkcd parodies[6], or even ones that reuse xkcd graphics[7]. -- Giant buildup for giant fun, like flowcharts and tables[8]. -- Irony pointed at one certain type of person[9]. -- Inevitable graph jokes[10]. -- Personal rant[11]. -- Puns and wordplay[12]. - -The ideas can be funny or serious, revolving around an outdated or emerging topic, whatever. Apply the craziest spices until the idea is hot enough to attract a handful of people. Avoid *really* niche hobbies, and definitely don't go to depths (i.e. inside jokes), for the sake of audience coverage. As a side note, I never deliberately check if my idea has been taken. Too much trouble. I do avoid copying ideas I know to exist, though. - -## Others' Idea -> My Idea - -My comics are large influenced by xkcd. A few other influencers: - -- SMBC for sociological ideas and single-panels -- C&H for the puns -- Poorly Drawn Lines for the anthropomorphic figures -- Random Reddit posts for random ideas - -## Idea -> Comic - -There are certain periods when I was super innovative and others super productive and/or artistic. The best scenario is when these overlapped, and I was able to commit my ideas on the canvas on the fly. That was definitely efficient, but later when I reflected on comics produced over this period, I would often sense creeping embarrassment for lack of due thoughts before submission, or regret over some imperfections like a forgotten punchline. The second best is those moments when I had a genuinely great idea (at least to me at that time), and had a notebook handy. Once I would jot down a few hint words, like "dead kids sent from heaven to haunt their anti-vaxx parents", but turns out I was terrible at remembering details. Soon I learned to draw a rough sketch, and continuously iterate, fixing grammatical problems and pruning unnecessary words (canvas space is precious). Occasionally, I do it on a whiteboard. Finally, I boot up my lappy, draw what's on the paper/whiteboard through my wacom tablet into krita, sometimes verbatim and sometimes with a few minor adjustments, then re-orchestrate the elements so they fit on a digital canvas. Behold! Digital "art". - -## Footnotes - -[1] Which means my update speed peaks about once per month, while somewhere in the middle it's zero. -[2] Notable examples: [Heroic Ball Pen](https://fkfd.me/13), [Chihuahuatamayo](https://fkfd.me/74), and [Keychane](https://fkfd.me/93). -[3] Notable examples: [Night Plane Spotters](https://fkfd.me/70), [Soul Counter](https://fkfd.me/79), and [Amazon Ring](https://fkfd.me/87). -[4] Notable examples: [Intolerance](https://fkfd.me/65), [Zeta-373](https://fkfd.me/77), and [Stray Cats](https://fkfd.me/90). -[5] Notable examples: [Innovations](https://fkfd.me/73), [Intended Internet](https://fkfd.me/86), and [JavaScript](https://fkfd.me/101). -[6] Notable examples: [Code Quality](https://fkfd.me/10), [Technology, Inc.](https://fkfd.me/11), and [Irrelevant xkcd](https://fkfd.me/67). -[7] Notable examples: [Python](https://fkfd.me/6), [Entropy Harvesting Daemon](https://fkfd.me/81), and [Childhood Misconceptions](https://fkfd.me/92). -[8] Notable examples: [Partitions](https://fkfd.me/16), [X-over-Y](https://fkfd.me/53), and [Python Code With No Documentation](https://fkfd.me/55). -[9] Notable examples: [Flat Earthers](https://fkfd.me/21), [Blogging](https://fkfd.me/26), and [Wish](https://fkfd.me/71). -[10] Notable examples: [Time Consumption](https://fkfd.me/9), [Turning Point](https://fkfd.me/59), and [Graph Nerd Sniped](https://fkfd.me/89). -[11] Notable examples: [Smart Home](https://fkfd.me/46), [Middle Button](https://fkfd.me/52), and [Grades](https://fkfd.me/96). -[12] Notable examples: [Wheeled Armchair and Armed Wheelchair](https://fkfd.me/54), [One-Letter Modifications](https://fkfd.me/69), and [Company Rules](https://fkfd.me/88). - -Last updated: 2020-07-21 diff --git a/docs/img/avi_triplehat_diecut.png b/docs/img/avi_triplehat_diecut.png new file mode 100644 index 0000000..fa1deb9 Binary files /dev/null and b/docs/img/avi_triplehat_diecut.png differ diff --git a/docs/img/rickstodon-youtube-GET.webp b/docs/img/rickstodon-youtube-GET.webp deleted file mode 100644 index c5c70aa..0000000 Binary files a/docs/img/rickstodon-youtube-GET.webp and /dev/null differ diff --git a/docs/img/rickstodon.webp b/docs/img/rickstodon.webp deleted file mode 100644 index 5a64e3f..0000000 Binary files a/docs/img/rickstodon.webp and /dev/null differ diff --git a/docs/index.md b/docs/index.md index 316dc21..08ee994 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,5 +1,3 @@ -# You are in the wrong place. Leave. +# fkfd -Why are you here? Are you here because you wanna "learn more" about me, you creep? Or you wanna know some metadata? Go to [the meta page](/meta). Nobody should be checking the index page; I put it here merely because this damn thing won't let me update if I don't include it. I would never share the index page of my blog. If you are here to check for updates, you have done something **monumentally wrong**. There is no such thing called an "update". This is a mere archive of textual rant and thonks that would otherwise be unfit in a comic. If I ever wanted you to read an article of mine, I would attach the entire path to it. Under and only under this circumstance should you check my "blog". - -Oh, you're not leaving. Good. I wish I could just put `` here so that the webpage would end, but you would just hit devtools and read the source. As to the non-tech-savvy audience, they would just hit refresh ever so frantically wondering what the heck is up with their internet. You may not proceed. Leave immediately. Leave before the `

`. This is a threat. +Yes this is just a low effort blog why do you ask diff --git a/docs/meta.md b/docs/meta.md index b42387e..4a42a0a 100644 --- a/docs/meta.md +++ b/docs/meta.md @@ -1,41 +1,31 @@ -# Blog Meta +# fkfd meta -## PGP - -[PGP PUBLIC KEY BLOCK](https://fkfd.me/static/fkfd.asc) +Last updated 2022-01-07 -`EBD3 5396 508C 755F 3BBA 5458 F355 1C6B 01DB 77FF` +## PGP +[EBD3 5396 508C 755F 3BBA 5458 F355 1C6B 01DB 77FF](https://fkfd.me/static/fkfd.asc) ## License - [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/) unless otherwise stated. ## Contact +[Mastodon](https://mastodon.technology/@fakefred) -[Mastodon.technology](https://mastodon.technology/@fakefred) +## Nobody builds their blog with MkDocs. What's wrong with you +Tired of social media buttons and fancy animations that come at the cost of computer juice, I quit. So here you are, in a static-site blog generated with MkDocs (a documentation engine written in Python, like Sphinx). I call this "Blogumentation". -[fkfd@macaw.me](mailto:fkfd@macaw.me) +Here is a list of tools that I ruled out: -## Medium - -Tired of social media buttons and excessive fancy animations provided by too many blogging themes, I quit. So here you are, in a static-site blog generated with MkDocs (a documentation engine written in Python, like Sphinx, which is known for its appearance in ReadTheDocs). I call this "Blogumentation". +- [__ssg6__](https://www.romanzolotarev.com/ssg.html) — A static site generator written in shell. Extremely simple yet versatile. Sadly, it'll take forever for me to settle on a template or CSS, and, given so much privilege, I will most probably break everything. +- A self-hosted pastebin. The links would be a mess, albeit short. +- HTML+CSS from scratch. Same as ssg6. +- Sphinx. It graduated with a `.rst` degree, but who uses rsts these days. +- Hugo. I didn't want a Go environment on my machine. (Update: Joke's on me, I installed go later and wrote a bit of it. But still no.) +- Hexo, Jekyll, etc: I didn't want a Node.js/Ruby environment. Keep them away. -Here is a list of blogging media I was more reluctant to use: +## Debloated +You will not find any of these in my blogposts, as long as I am in control: -- A static site generator I got from [trivial technologies](https://trivial.technology/), literally named "ssg", written in Perl. It is currently used for - [usable technologies](https://fkfd.me/ut). -- A self-hosted pastebin. The links would be a mess, albeit short. -- HTML+CSS from scratch. Not mobile-friendly, and I'm too lazy for it. -- Sphinx. Its major language is rst, which I do not master. -- Hugo. I didn't want a Go environment on my machine. - -key | value ------------|---------- -features | not many -speed | fast enough -SEO | doesn't matter -javascript | none -analytics | none -trackers | none -original | yes -DMCA takedown notice | fuck you +- Advertisements +- Analytics +- JavaScript diff --git a/docs/projects/img/rickstodon-youtube-GET.webp b/docs/projects/img/rickstodon-youtube-GET.webp new file mode 100644 index 0000000..c5c70aa Binary files /dev/null and b/docs/projects/img/rickstodon-youtube-GET.webp differ diff --git a/docs/projects/img/rickstodon.webp b/docs/projects/img/rickstodon.webp new file mode 100644 index 0000000..5a64e3f Binary files /dev/null and b/docs/projects/img/rickstodon.webp differ diff --git a/docs/projects/index.md b/docs/projects/index.md new file mode 100644 index 0000000..490f1ac --- /dev/null +++ b/docs/projects/index.md @@ -0,0 +1,28 @@ +# Projects + +Of all the peojects I've made over the years, not many deserve their own +standing blogpost either because (a) it is too ephemeral and a thread of +512-character long microblogs is enough or (b) it is more fitting to write +proper documentation for it instead (ironic when I build my blog with +MkDocs). But the few that do, are here. + +Projects below are sorted reverse chronologically (most recent first). + +## [Rickstodon](rickstodon) + +![Demo](img/rickstodon.webp) + +On April Fool's Day, 2020, I launched a mock Mastodon login page at +`https://social.fkfd.me` (now defunct) that rickrolled anyone that clicked +the links or buttons. It was more sophisticatedly designed than most other +rickrolling attempts (it's weird to compare trolling technique, I know) in +that hovering your cursor over the links doesn't immediately reveal your +evil intent; the URL shown is totally legit, and it takes another round of +carefully set-up nginx configs to redirect you to the classic music video. + +Because of restrictions in AGPL that Mastodon is distributed under, +I decided not to release the code itself but rather to write a guide on +how I made it. The codeberg repo that came along was unlicensed. + +As I said, this was a impulse project that's faded into the past. It is +2022 as I write this. Isn't this crazy? diff --git a/docs/projects/rickstodon.md b/docs/projects/rickstodon.md new file mode 100644 index 0000000..2b40521 --- /dev/null +++ b/docs/projects/rickstodon.md @@ -0,0 +1,255 @@ +# Rickstodon - Rickroll Your Friends (or Foes) With A Fake Mastodon Registration Page + +## -- Introducing a new way to present an old prank + +![screenshot with most of the buttons and links on the page pointing to the signature rickroll cover image on youtube](img/rickstodon.webp) + +See [video demo](https://fkfd.me/static/rickstodon.mp4); hosted on [social.fkfd.me](https://social.fkfd.me); see [Codeberg repo](https://codeberg.org/fakefred/rickstodon) + +> Edit 2022-01-07: social.fkfd.me is now defunct. + +## How to host it? + +Because Mastodon is licensed under AGPL, and the frontend is not explicitly excluded, I doubt the legitimacy to redistribute it unlicensed. Therefore, this repo only contains a guide to make your own Rickstodon in N easy steps. You need either a working nginx, or python+pyramid. + +## Prepare a place for your prank + +Get a domain. If you already have one, you can always add a subdomain record into its DNS settings, typically available in the registrar's web panel. For example, `social.[your.domain]` is a subdomain that seems totally legit. Set up an A/AAAA record pointing to your server IP. Let's call this domain `social.legit.website` throughout the tutorial. + +## Capture the Mastodon + +Go to a Mastodon instance you are logged out of. You will be redirected to its about page, which looks like the screenshot above. Download the page using your browser, including the files. Chromium seemed to be unable to fetch the files? idk. Firefox works fine. Press ctrl+s to save `about.html`, as well as its embedded files into a directory called `about_files`. + +You will see your files in a structure like: + +``` +about.html +about_files/ + common-9fa4342b.css + d96d39a0abb45b92.png # admin avatar + f6a76f37d508b407.png # user avatar + fc87edd00a925e4c.png # user avatar + 56270e3bbd5ef1a4.png # user avatar + vlcsnap-2018-08-27-16h43m11s127.png # the mastodon-paper planes-trumpet picture + common-a45d1c15f1388e6b8338.js + default-78232038.css + favicon.ico + locale_en-0b1defbea6f42c8f057f.js + public-5e7c276e9e232153d9c4.js +``` + +Open `about.html` in your browser. The files should load in their respective place because the filepaths are substituted with `/about_files/xxx`, except for external links, which are retained, e.g. `Documentation` links to `https://docs.joinmastodon.org/` unchanged. + +Now that you've shut the mastodon in the cage, this is where the fun begins. + +## Teaching the Mastodon to rickroll + +Open and edit `about.html`. It is quite large for some text editors (~25 KiB). It's unindented by default. Format it using a code formatter to save your eyes from burning. + +Remember the site you fetched the page from? Change all occurrences of that site (for example, `mastodon.social` to yours: `social.legit.website`. For example, in ``, you may see the following: + +```html + + + + + + + +``` + +Edit the URL's, edit meta content, you name it. The meta content also goes into the visible `
`; search for it and replace its text. + +Done? Good! Now when you check out your site, it has your domain on it. But things are not right! People won't believe that this instance, unexpectedly under Eugen's administration, could attract 503k users in two short days. You need to modify those data as well. Search for `Administered by:` and `Server stats:`. These data are right under them. A value like 41 users/32 MAU is adequately deceiving. + +But waaaaait. You still have Eugen's avi beside your name. This is easy: get your avi, place it under `about_files`, change those filenames in `about.html` accordingly. Same for other people's avis you wish to show. Under the `Administered by:` there is: + +```html + +``` + +Replace `d96d39a0abb45b92.png` with your image, under the same directory. Alternatively, just name your avi `d96d39a0abb45b92.png`, overwriting the original. + +Find an element called `
`. Below are at most three user avatars. You can modify their avis if you wish. Perhaps include yours in them. It's like this: + +```html +
+
+ +

+ + Discover users + Browse a profile directory and filter by interests +

+
+ + + +
+ +
+ +
+``` + +Yeah, it's literally just all the `*.png`s. + +Now for the final step tampering the frontend, we need to reconfigure the buttons so they take unsuspecting visitors to the classic music video for a classic song. Search for the button called `Sign up`. It is in an HTML form, so clicking it will take us to `/auth`; no good! We want to rickroll the visitors, not sign up an account for them. Scroll up till you meet with this line: + +```html +
+``` + +You see, the `action="/auth"` is the command that takes us to `/auth`. Remove it, along with `novalidate="novalidate"` and `accept-charset="UTF-8" method="post"`, because we're making it no longer a real form that sends requests. Keep the class, for it is used by stylesheets. Without it the form will look primitive, and people will find out. Then, find the `` after it. It shouldn't be far away. Change `
` to `
`, `` to `
`. This prevents form submission from being invoked when the button is clicked. Find another form below, with a button called `Log in`. Do the same to it. An example: + +```html +
+ +
+ +
+ +
+
+
+ +
+

+ Trouble logging in? +

+
+``` + +Remember the buttons? Yes, the `Sign up` and `Log in`. We need them to, when clicked, rickroll the visitors. Therefore, add an `onclick` action to both of them: + +```html + +``` + +Done! Now we've officially set up the frontend to rickroll visitors if they ever try to sign up or log in. You can test it in a browser. But waaaaaiit. What if they clicked on stuff like "Discover users" or the admin's profile? We need to set up redirections; they are called 301's, taken from their HTTP response code. I will introduce two ways to do it: nginx and python+pyramid. Feel free to fork and add stuff like python+flask, node.js+express, apache, etc. + +## Pretending innocent (2 methods) + +### nginx + +1. Check out `nginx.config`. What you see here is a server block for nginx. Place it either in your existent config file (typically in `/etc/nginx/sites-available`), or alongside with it renamed as something else. + +2. Look into the file: + +``` +# ... +# redirect the following paths to rickroll video +# the tilde (~) means regex; vertical bar (|) means 'or'. +# add more user names if necessary. +location ~ (/terms|/about/more|/public|/explore|/@USERNAME|/auth/password/new) { + return 301 https://www.youtube.com/watch?v=dQw4w9WgXcQ; +} +``` + +The chain of paths catch all the links visitors will likely take a peek at. Replace `USERNAME` with your own username. + +3. symlink this file to /etc/nginx/sites-enabled: `ln -s /etc/nginx/sites-available/FILENAME /etc/nginx/sites-enabled` + +4. Check if there are any blatant problem. + +5. Restart nginx: `nginx -s restart` + +6. Go to your prank domain/subdomain to check result. Click on links to see if it works. + +> "it doesn't work... why?" +> Look, I'm not an nginx expert. Maybe you can try using python+pyramid? + +### python+pyramid (plus a little nginx reverse proxy) + +1. Install python3 and pyramid (`pip3 install pyramid`). If pip says requirements are satisfied, but anything goes wrong later, run this with `--upgrade` to see if it's because of an ancient version. + +2. Put `web.py` in the same directory as `about.html`. + +3. Open and edit the file, just like the nginx one. + +4. Run `web.py` as a background process. Use a screen, tmux etc session or a process manager for it. This is out of scope. + +5. You still need to configure nginx for a bit. Sure, there are other reverse proxies but nginx is the only one I possess knowledge of. Add this block to your nginx config file: + +``` +server { + server_name [host]; # [host] is the domain of your rickstodon page, e.g. social.legit.website + + root /var/www/html; # whatever + index index.html; # whatever + + location / { + # if port 3904 is already taken, change this value both here and in web.py + # if so, re-run the modified python script + proxy_pass http://localhost:3904; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } +} +``` + +6. Restart nginx: `nginx -s restart` + +7. Go to your prank domain/subdomain to check result. Click on links to see if it works. + +## Additional steps + +1. Use HTTPS on your website for best deception. A mastodon instance without it is bound to raise suspicion. Use Let's Encrypt to generate a certificate for your (sub)domain. Sorry, LE. + +## Drawbacks and vulnerabilities + +1. If you have set up Rickstodon with nginx, the browser may make a GET request to youtube.com that reveals your intention. Like this: + +![screenshot of a GET request to https://www.youtube.com/watch?v=dQw4w9WgXcQ in devtools](img/rickstodon-youtube-GET.webp) + +If the user's network is slow, they may notice youtube.com loading in the bottom bar in a desktop browser. + +## Summary + +By now you should have already be savoring the joy from imaginary scenarios where people shout "whoa what the fuck" at a dancing dude. I have played this trick on my mastodon account this April Fool's day. It went... *nicely*. This repo is unlicensed, so you are always welcome to try and improve, and invent better ways to rickroll people. Thank you for coming to my TED talk. diff --git a/docs/random/gemini_tldr.md b/docs/random/gemini_tldr.md new file mode 100644 index 0000000..b232bfd --- /dev/null +++ b/docs/random/gemini_tldr.md @@ -0,0 +1,132 @@ +# Gemini TL;DR + +2020-06-05 + +For any internet protocol, you can either make it a few thousand words long, or make it 114M. Of course, we know this 114M wasn't there in the first place. W3C has tried very hard to standardize the web, without guarantee it would be simple. So, what we have now is a collaborative system where it's easier to introduce a standard than to deprecate one (remember Adobe Flash?). It's reassuring to know there isn't a central megacorp monopolizing the web, but this openness comes at a cost. It's when evangelical developers who can't program proper desktop apps abruptly choose to make a new web framework, a parasite on web browsers - one of the only things that are largely cross-platform. Because the work of portability has been handled by Mozilla, Google, etc, not by themselves, there is virtually no limitation regarding what you can do with it. If a handful of people suddenly like your "standard", all modern browsers will get to support it eventually. + +[Gemini](https://gemini.circumlunar.space/) is a young protocol that's slightly heavier than Gopher, but radically more lightweight than the Web. Its [spec](https://gemini.circumlunar.space/docs/spec-spec.txt) is 4.4k words long as of time of writing, which, excluding the appendix, is a 20-minute read if you skim past the microscopic details. Here is a TL;DR of the specs that's ~1k words long. + +## Prerequisites + +Before you proceed, there are a few fields of knowledge that you need to temporarily throw away while reading this post, plus a few you don't. Most of the former is HTTP-related. + +### Throw away entirely + +- CSS +- JavaScript(R)(c)TM +- All the fancy frameworks you have learned about (flask, jinja, react, jquery etc.) +- Apache and nginx + +### Place within arm's reach + +- HTML +- HTTP: + - headers + - 3-digit status codes + - verbs, e.g. GET, POST + - cookies + +### Do not throw away + +- TCP +- TLS + +## Gemini spec + +### Synopsis + +- "Gemini" is the name of a [crewed space mission by NASA](https://en.wikipedia.org/wiki/Project_Gemini). +- this spec is not complete, but probs won't change a lot soon. +- gemini transports data via TCP/IP on port 1965 because the first crewed flight of Gemini was on March 23, 1965. This means unprivileged users can run a gemini server, too. + +### Requests and Responses +- Gemini terminates lines with CRLF (`\r\n`) in requests and response headers. +- Everything should be UTF-8. +- Client sends a request to server: `\r\n`. +- Server first responds with a response header: ` \r\n`. +- Speaking of status codes, some helpful ones are `20 SUCCESS`, `30/31 REDIRECT`, and `51 NOT FOUND`. Status codes with the same leading digit belong to the same category and are treated similarly in clients. +- If server returns `2x (SUCCESS)`, it will send a response body (e.g. the page requested, the file the client wishes to download, etc.) right after the response header. In such case, the `` in the header should be the MIME type of the content. +- If the response body belongs to MIME type `text/*`, it should use CRLF as its linebreak. LF is also accepted. +- No support for compression or chunking of the content. +- There is no keep-alive. A TCP connection is closed right after a request and response, and must be re-initiated should the client make another request. +- Sending requests whose URL scheme is not gemini is called "proxying", and is not supported by most servers. + +### `text/gemini` + +- By default, the response body MIME type is `text/gemini`. +- You can also serve other types, of course, but you'll have to specify in `` of the response header. +- The following list will teach you how to write `text/gemini`. + +#### Line types + +1. Text lines: ezpz, just normal text. Authors and servers should not "hardwrap", i.e. limit column width to e.g. 80 chars; the client should wrap a long line containing the entire paragraph into a block. +2. Link lines: any non-preformatted line starting with `=>` is a link line. It should be followed by a URL, then optionally a link description. Like this: + +``` +=> gemini://fkfd.me/ fkfd.me geminispace +``` + +which is equivalent to this in HTML: + +``` +fkfd.me geminispace +``` + +Expect absolute and relative links, and ones that aren't even on gemini. + +3. Preformatted lines: any line between two lines that read ````` (3 backticks) is a preformatted line. Just like markdown. Like this (prefixed with a space in order not to interfere with formatting): + +``` + ``` + Without preformatted lines, ASCII art wouldn't have been possible! + ``` +``` + +It should be rendered as monospace. + +4. Heading lines: any non-preformatted line starting with 1-3 hashes is a heading line. Also, you know, sure, like markdown. Like this: + +``` +# h1 +## h2 +### h3 +#### nope, not a heading +###interestingly, the whitespace is optional +``` + +5. Unordered list items: any non-preformatted line starting with an asterisk is an unordered list item, i.e. an item of a bullet list. Like this: + +``` +* list item 1 +* list item 2 +*whitespace is optional again +* although if I want to mimic italics it would be +*pretty* hard +* to distinguish it from list items +``` + +### TLS + +- TLS is mandatory for Gemini. +- You must use TLS 1.2+; 1.3+ is encouraged. +- A client can trust whatever cert it sees, but the recommended approach is to implement a TOFU (Trust On First Use) system, where: + - you trust the cert the first time you visit a site, even if it's self-signed + - you remember it + - every time you access the site, it sends you this very cert, so you know everything's fine + - the client will warn the user if the server abruptly sent a different cert when its previous one hasn't expired yet: likely a MITM attack (but also likely the site admin just replaced their cert for some reason). + +This eliminates the need for a CA, thus making TLS and gemini itself more accessible and widespread. + +- A client can prove its identity with a "Transient client certificate". + - on a site that asks for one, client generates and sends a cert (regular sites don't; such procedure must be manually approved by the user) + - the cert is sent along with all subsequent requests to this host + - server can identify this user now + - this is like cookies in practice, but very different in implementation + - one cert is limited to one domain + - one cert should not exist for longer than 24 hours; it's for one session only. + +## Conclusion + +This is it; 4.4k words of gemini spec summarized & exemplified in ~1k words. Whether you're reading this on Gemini or the Web (or gopher), I encourage you to join this community of members who are seeking asylum from the debris of the modern web. Gemini is still in an early stage; loads of decisions to make, and lots of pitfalls that the web has fallen in to avoid. This concludes our journey around the gemini spec today; see you in low space orbit. + +Oh, also, [McRoss](https://git.sr.ht/~nhanb/mcross) is an awesome GUI client. diff --git a/docs/random/how_fkfd_is_made.md b/docs/random/how_fkfd_is_made.md new file mode 100644 index 0000000..0615df9 --- /dev/null +++ b/docs/random/how_fkfd_is_made.md @@ -0,0 +1,52 @@ +# How an FKFD Comic is Made + +2020-07-21 + +I don't consider myself a cartoonist, let alone good cartoonist. I am unqualified at comics in all aspects, you know? I can hardly draw anything that's not a rectangle, circle, or straight line; for every final stroke you see on the canvas, I have undone and redone three times; my update frequency is like `abs(tan(x/k))` where k is around 10 days\^-1 [1]. One day in May I pushed 4 comics. And then I completely skipped June. + +Let me keep it short and talk about how an fkfd comic is made. Not technical details (i.e. export as webp, then png, then run `./submit.py`...) but how I come up with ideas and express them in comics. + +## Life -> Idea + +However boring your life may be, you always find ideas bumping from inside your brain; they may just be a little dull. I catch my inspirations right away when I come up with one. Here is a list of common ideas. + +- I look at things that vaguely resemble others, and make fun of that[2]. +- I ask myself questions "what if we...?" and imagine the possibilities in the wildest way[3]. +- I contemplate about today's society and world, and when I cannot squueze jokes out of them, I make them look thought-provoking[4]. +- I voice concerns about today's technology and its relationship with human life[5]. +- Also comics that are straightforward xkcd parodies[6], or even ones that reuse xkcd graphics[7]. +- Giant buildup for giant fun, like flowcharts and tables[8]. +- Irony pointed at one certain type of person[9]. +- Inevitable graph jokes[10]. +- Personal rant[11]. +- Puns and wordplay[12]. + +The ideas can be funny or serious, revolving around an outdated or emerging topic, whatever. Apply the craziest spices until the idea is hot enough to attract a handful of people. Avoid *really* niche hobbies, and definitely don't go to depths (i.e. inside jokes), for the sake of audience coverage. As a side note, I never deliberately check if my idea has been taken. Too much trouble. I do avoid copying ideas I know to exist, though. + +## Others' Idea -> My Idea + +My comics are large influenced by xkcd. A few other influencers: + +- SMBC for sociological ideas and single-panels +- C&H for the puns +- Poorly Drawn Lines for the anthropomorphic figures +- Random Reddit posts for random ideas + +## Idea -> Comic + +There are certain periods when I was super innovative and others super productive and/or artistic. The best scenario is when these overlapped, and I was able to commit my ideas on the canvas on the fly. That was definitely efficient, but later when I reflected on comics produced over this period, I would often sense creeping embarrassment for lack of due thoughts before submission, or regret over some imperfections like a forgotten punchline. The second best is those moments when I had a genuinely great idea (at least to me at that time), and had a notebook handy. Once I would jot down a few hint words, like "dead kids sent from heaven to haunt their anti-vaxx parents", but turns out I was terrible at remembering details. Soon I learned to draw a rough sketch, and continuously iterate, fixing grammatical problems and pruning unnecessary words (canvas space is precious). Occasionally, I do it on a whiteboard. Finally, I boot up my lappy, draw what's on the paper/whiteboard through my wacom tablet into krita, sometimes verbatim and sometimes with a few minor adjustments, then re-orchestrate the elements so they fit on a digital canvas. Behold! Digital "art". + +## Footnotes + +[1] Which means my update speed peaks about once per month, while somewhere in the middle it's zero. +[2] Notable examples: [Heroic Ball Pen](https://fkfd.me/13), [Chihuahuatamayo](https://fkfd.me/74), and [Keychane](https://fkfd.me/93). +[3] Notable examples: [Night Plane Spotters](https://fkfd.me/70), [Soul Counter](https://fkfd.me/79), and [Amazon Ring](https://fkfd.me/87). +[4] Notable examples: [Intolerance](https://fkfd.me/65), [Zeta-373](https://fkfd.me/77), and [Stray Cats](https://fkfd.me/90). +[5] Notable examples: [Innovations](https://fkfd.me/73), [Intended Internet](https://fkfd.me/86), and [JavaScript](https://fkfd.me/101). +[6] Notable examples: [Code Quality](https://fkfd.me/10), [Technology, Inc.](https://fkfd.me/11), and [Irrelevant xkcd](https://fkfd.me/67). +[7] Notable examples: [Python](https://fkfd.me/6), [Entropy Harvesting Daemon](https://fkfd.me/81), and [Childhood Misconceptions](https://fkfd.me/92). +[8] Notable examples: [Partitions](https://fkfd.me/16), [X-over-Y](https://fkfd.me/53), and [Python Code With No Documentation](https://fkfd.me/55). +[9] Notable examples: [Flat Earthers](https://fkfd.me/21), [Blogging](https://fkfd.me/26), and [Wish](https://fkfd.me/71). +[10] Notable examples: [Time Consumption](https://fkfd.me/9), [Turning Point](https://fkfd.me/59), and [Graph Nerd Sniped](https://fkfd.me/89). +[11] Notable examples: [Smart Home](https://fkfd.me/46), [Middle Button](https://fkfd.me/52), and [Grades](https://fkfd.me/96). +[12] Notable examples: [Wheeled Armchair and Armed Wheelchair](https://fkfd.me/54), [One-Letter Modifications](https://fkfd.me/69), and [Company Rules](https://fkfd.me/88). diff --git a/docs/random/index.md b/docs/random/index.md new file mode 100644 index 0000000..dc60a86 --- /dev/null +++ b/docs/random/index.md @@ -0,0 +1,12 @@ +# Random stuff + +If you know me you'll be impressed how quickly and unexpectably my +interests change. I'd pick up something and, whether I'm done with it or +not, I'd dump it into a heap labeled "stuff I loved at some point", and +they just stay there, like malloc'd memory that will never be freed. + +Nevertheless, occasionally I leave a permanent trace along the way. + +- [Gemini TL;DR](gemini_tldr) +- [How an FKFD Comic is made](how_fkfd_is_made) +- [The Real Git](realgit) diff --git a/docs/random/realgit.md b/docs/random/realgit.md new file mode 100644 index 0000000..6fa9cf5 --- /dev/null +++ b/docs/random/realgit.md @@ -0,0 +1,71 @@ +# The Real Git + +2020-05-02 + +This post is for young developers like me, ditching GitHub/Lab for Gitea with a self-recognition as a hipster. There is a TL;DR at the bottom. + +For too long have I held the incorrect belief that we needed a GitHub alternative that federates, and joins the fediverse using ActivityPub. Well, it could be a thing. Gitea is good, and I'd be pleased to see it get better by implementing AP. + +## Interface + +Ask yourself: is a web app the only way to do issues/tickets, pull requests/merge requests, etc? Hear me out: people take it for granted that a good product deserves a shiny dashboard. Over the course of GitHub's "success", shiny tabs labeled "issues" and "pull requests" gain ubiquity on other VCS frontends. It disrupted the industry. + +How did developers contribute to FOSS projects back when GitHub wasn't a thing? Well, before StackOverflow, we had forums. Similarly, before GitHub, we had mailing lists. It has been long known to me that the Linux kernel is developed on a mailing list, where contributors would submit patches and receive a *Wish You Were Never Born, Dumbass* Certificate from Linus. However I, along with many others had no idea how it's *actually* done. Check out [the PR page of the Linux repo on GitHub](https://github.com/torvalds/linux/pulls). *Too many* people have mistaken a web UI, if not limited to GitHub, for *the* development platform for *anything*. Well, it's definitely not how Linux is developed. + +The web interface is intrusive. You may be unsurprised to hear some people, typically new coders making their own GitHub page, code directly into GitHub's web editor, commit one file at a time, and test changes in the browser. It's the UI mindset. GitHub and websites alike hijacked us, and we didn't even know. The reason why will be analyzed. + +You notice a clear distinction between "coders" and "developers": it's like human evolution, the command of tools. Git is a tool; so is GitHub. A tool is intended to excel at a limited range of work. If you cry about how GitHub sucks as a cloud drive, you are cracking a walnut with a drill. Sharpening your skill is a superset of mastering the toolchain. Likewise, it seems sensible for me to, at this point of my coding hobby, leap out of the interfaces and embrace what Git should have been. After all, what we really wanted is not an interface, but a workflow, in which field Git's utilities work just fine. + +## The Real Git + +I will use [sourcehut](https://sourcehut.org/), aka sr.ht as an example. I stumbled upon it a while ago, but it wasn't until yesterday that I tried it out for its simplicity. Simple as in no bloat, not in being for dummies. For starters, there's no JavaScript. Really, you should check out its interface. Or not. It doesn't matter, something else does, and I sincerely regret having overlooked this "selling point": the absence of selling points. The web design does not only *look* simple, it *is* simple. Almost read-only, you can't do pretty much anything with it. For this reason, I refuse to call it "Git on steroids"; instead, it's "Git without hurdles", hurdles scattered in your dev work every single day. OK, listen carefully: all the interactions I used to assume to be web-only, happen on mailing lists. To submit a patch (retro version of "pull request" - remember that?), you simply commit your changes locally, run this command: `git send-email --to="~user/list@lists.sr.ht" HEAD~`, and your patch is out there waiting for review. Of course, a shitload of configuration has to be done ahead, which is partly why this email-driven development hasn't really taken off in the younger demographic. + +Despite its drawbacks, I find it superior to web apps. First of all it obviously saves bandwidth as well as time, since no time is wasted on the UI; the terminal plus an email client satisfy all needs. Second is because it's *dank as shit*. With the right configuration, you can set up a TUI email client, which enables you to combine the entirety of your workflow in the terminal. Finally, and the **most importantly**: it does *not* require an account for contributors to submit a patch. All it takes is your email address as your identity, and an email containing your patch. And *this*, is how Git is supposed to work. Read more on @OTheB's blogpost, the one that had me sold: [how to use git](https://boxin.space/post/how-to-use-git) (with fancy screenshots I'm too lazy to take). I'm not asking you to stop using web UI's; I'm reasoning how the alternative is more efficient, and should be considered as a solid option. + +### When is this approach favorable? + +Under what circumstance should you try this? When you're in a (probably small in core contributors) team maintaining a project actively. Mails feel more like a to-do list for today than a kanban for this month, as you may find in a web forge. Patches and feedback get stuck in the mailbox before you resolve them. You'll be more motivated to fix them or respond to them. + +## Pains + +### Email + +With any given Git hosting platform with a fancy web interface, you very likely use your email to login. After that, you only occasionally receive notifications in your mailbox. Stuff happens over HTTP mainly, so it doesn't matter if you're using a shitty webmail interface like GMail. Let's say you ditched GitHub and went all in on email-driven development. Now email becomes a crucial part of your web-free workflow, and you can't just use another web interface while expecting to be a 10x dev. Furthermore, the email address is no longer *part* of your identity; it *is* your identity. Your patches are submitted through it, PGP key generated under it. So it is utterly critical to get this right before you even start. + +#### Provider + +It would be best if you have a personal server and are able to install a mail server yourself. I can't. Fortunately, I found a provider, thanks to [Drew DeVault's recommendation](https://cmpwn.com/@sir/102452352875414214) (first on the list). (Oh, did I mention Drew is Sourcehut's creator?) + +#### Local client + +IMAP and SMTP are old. This means were you to manually set up your account, there'd be standards and conventions, old and new, in any given field to fill out when configuring a client. For example (excuse my stupidity), TLS and STARTTLS are somewhat different, but I'm too lazy to check. I spent a tediously long time configuring 5 clients, 2 of which are working. + +In the [list.sr.ht wiki](https://man.sr.ht/lists.sr.ht/etiquette.md), I learned to [use plain text in email](httpd://useplaintext.email) and keep email etiquette in mind. This is easily achievable. + +I also had a reasonably short time setting up an SMTP client (turns out to be different from an fully-fledged email client), namely `msmtp`. It's a CLI utility for sending emails. You can configure `git send-email` to use it as one of the possible methods. See [git-send-email website](https://git-send-email.io/). + +### Community + +Admit it: mailing lists, although barrier-free, rarely gets as much attention as a web UI like a GitHub issue thread. Also, easy it may have been for you to get a email address you're proud to tell others, others' may be crap like SweeetBabe.69owo@gmail.com. Using email just feels more personal. For this reason, I suggest we use email-driven development for collaborative projects with a firm maintainer team, encourage experienced devs to join, and leave the mailing list as a feedback channel for regular users. Keep a mirror on a "regular" forge, as is the case for Linux, but I can't help cringing at [how](https://github.com/torvalds/linux/pull/695) [many](https://github.com/torvalds/linux/pull/708) [joke](https://github.com/torvalds/linux/pull/727) [PR's](https://github.com/torvalds/linux/pull/753) [it's](https://github.com/torvalds/linux/pull/767) [got](https://github.com/torvalds/linux/pull/779). (I mean, *some* of them are funny.) And a bot would reply under them, taking them to the mailing list. When you make a mirror, however, perhaps you should tell people about it in advance. + +## Reflection + +I reflected on myself, the guy who thought himself a hipster migrating from GitHub to Codeberg. + +### Why had I never heard of email-driven development? + +At the news GitHub banned Iranian users without notice under the sanction, I was equally outraged as many of its users. I reached out to [ForgeFed](https://forgefed.peers.community/) to discuss how we should make federated forge services, unaware the distributed nature of Git itself. I also started an issue thread in a repo protesting GitHub's abrupt decision, under which although one person noted how Git is decentralized already, nobody seemed to bring up anything about mailing lists or stuff like `git am`. I suppose the mailing list gang had left GitHub for good? A few days later, speaking up my opinions on IRC, some friends reminded me of the email-as-an-identity thing, but still no mailing list. So, that's basically why I heard of such a thing nine months later than I should have. + +### What made me think web UI is the orthodoxy? + +It's the first impression. GitHub (ironically) is my first mentor in FOSS. Like many others, I had no idea what GitHub and Git actually are, nor their relationship. As a result, it became a mindset, a mindset where I push buttons for actions and click checkboxes for options. It's undesirable, if you know what I mean. It's a shame for a Linux user for 3 years to be stuck in the web app for what could've been done in the terminal. Interfaces made email appear more old-fashioned than it really is, and this illusion harmed me. I wish I could ask for compensation. + +### How many other young devs exactly like me are out there, suffering? + +A lot. While beginners tend to wet their hands in a web environment they're familiar with, others like me will regret not having heard of the opposite sooner. That's why I'm asking you to share the word to whoever wants to take their development efficiency one level higher. Not necessarily on sr.ht (they do release their applications as free software, with the need of a mail server). It's worth learning how to amend a commit, rebase, etc. + +## TL;DR + +Many people believed the GitHub-like UI is the way all FOSS is developed. They are wrong. A web UI is not the only nor the original way to use git; you could use [git-send-email](https://git-send-email.io) to submit patches in mailing lists, and as maintainers you can merge them using git's stock utilities. Some people have never heard of the latter because they were never told about it; meanwhile, the web UI has hijacked their mindset. [Sourcehut](https://sourcehut.org/) is an example of email-driven development with a minimalistic web frontend. In such development scheme you will find your workflow more efficient, especially if you are used to a terminal. The obvious pain in the neck is a good mailbox as your identity and a local client that doesn't suck. I hope you're experienced enough to figure those out. Then it's the low public exposure of a mailing list. Perhaps maintain a mirror on a UI-driven site as a portfolio. + +The reason why I had never heard of such a thing before is no one told me the exact thing I needed to know. Also GitHub formed the stereotype of a git forge. There are certainly other young people suffering, unaware of email-driven development being an option. Tell them this thing has been around for 15 years. diff --git a/docs/realgit.md b/docs/realgit.md deleted file mode 100644 index 590382d..0000000 --- a/docs/realgit.md +++ /dev/null @@ -1,71 +0,0 @@ -# The Real Git - -This post is for young developers like me, ditching GitHub/Lab for Gitea with a self-recognition as a hipster. There is a TL;DR at the bottom. - -For too long have I held the incorrect belief that we needed a GitHub alternative that federates, and joins the fediverse using ActivityPub. Well, it could be a thing. Gitea is good, and I'd be pleased to see it get better by implementing AP. - -## Interface - -Ask yourself: is a web app the only way to do issues/tickets, pull requests/merge requests, etc? Hear me out: people take it for granted that a good product deserves a shiny dashboard. Over the course of GitHub's "success", shiny tabs labeled "issues" and "pull requests" gain ubiquity on other VCS frontends. It disrupted the industry. - -How did developers contribute to FOSS projects back when GitHub wasn't a thing? Well, before StackOverflow, we had forums. Similarly, before GitHub, we had mailing lists. It has been long known to me that the Linux kernel is developed on a mailing list, where contributors would submit patches and receive a *Wish You Were Never Born, Dumbass* Certificate from Linus. However I, along with many others had no idea how it's *actually* done. Check out [the PR page of the Linux repo on GitHub](https://github.com/torvalds/linux/pulls). *Too many* people have mistaken a web UI, if not limited to GitHub, for *the* development platform for *anything*. Well, it's definitely not how Linux is developed. - -The web interface is intrusive. You may be unsurprised to hear some people, typically new coders making their own GitHub page, code directly into GitHub's web editor, commit one file at a time, and test changes in the browser. It's the UI mindset. GitHub and websites alike hijacked us, and we didn't even know. The reason why will be analyzed. - -You notice a clear distinction between "coders" and "developers": it's like human evolution, the command of tools. Git is a tool; so is GitHub. A tool is intended to excel at a limited range of work. If you cry about how GitHub sucks as a cloud drive, you are cracking a walnut with a drill. Sharpening your skill is a superset of mastering the toolchain. Likewise, it seems sensible for me to, at this point of my coding hobby, leap out of the interfaces and embrace what Git should have been. After all, what we really wanted is not an interface, but a workflow, in which field Git's utilities work just fine. - -## The Real Git - -I will use [sourcehut](https://sourcehut.org/), aka sr.ht as an example. I stumbled upon it a while ago, but it wasn't until yesterday that I tried it out for its simplicity. Simple as in no bloat, not in being for dummies. For starters, there's no JavaScript. Really, you should check out its interface. Or not. It doesn't matter, something else does, and I sincerely regret having overlooked this "selling point": the absence of selling points. The web design does not only *look* simple, it *is* simple. Almost read-only, you can't do pretty much anything with it. For this reason, I refuse to call it "Git on steroids"; instead, it's "Git without hurdles", hurdles scattered in your dev work every single day. OK, listen carefully: all the interactions I used to assume to be web-only, happen on mailing lists. To submit a patch (retro version of "pull request" - remember that?), you simply commit your changes locally, run this command: `git send-email --to="~user/list@lists.sr.ht" HEAD~`, and your patch is out there waiting for review. Of course, a shitload of configuration has to be done ahead, which is partly why this email-driven development hasn't really taken off in the younger demographic. - -Despite its drawbacks, I find it superior to web apps. First of all it obviously saves bandwidth as well as time, since no time is wasted on the UI; the terminal plus an email client satisfy all needs. Second is because it's *dank as shit*. With the right configuration, you can set up a TUI email client, which enables you to combine the entirety of your workflow in the terminal. Finally, and the **most importantly**: it does *not* require an account for contributors to submit a patch. All it takes is your email address as your identity, and an email containing your patch. And *this*, is how Git is supposed to work. Read more on @OTheB's blogpost, the one that had me sold: [how to use git](https://boxin.space/post/how-to-use-git) (with fancy screenshots I'm too lazy to take). I'm not asking you to stop using web UI's; I'm reasoning how the alternative is more efficient, and should be considered as a solid option. - -### When is this approach favorable? - -Under what circumstance should you try this? When you're in a (probably small in core contributors) team maintaining a project actively. Mails feel more like a to-do list for today than a kanban for this month, as you may find in a web forge. Patches and feedback get stuck in the mailbox before you resolve them. You'll be more motivated to fix them or respond to them. - -## Pains - -### Email - -With any given Git hosting platform with a fancy web interface, you very likely use your email to login. After that, you only occasionally receive notifications in your mailbox. Stuff happens over HTTP mainly, so it doesn't matter if you're using a shitty webmail interface like GMail. Let's say you ditched GitHub and went all in on email-driven development. Now email becomes a crucial part of your web-free workflow, and you can't just use another web interface while expecting to be a 10x dev. Furthermore, the email address is no longer *part* of your identity; it *is* your identity. Your patches are submitted through it, PGP key generated under it. So it is utterly critical to get this right before you even start. - -#### Provider - -It would be best if you have a personal server and are able to install a mail server yourself. I can't. Fortunately, I found a provider, thanks to [Drew DeVault's recommendation](https://cmpwn.com/@sir/102452352875414214) (first on the list). (Oh, did I mention Drew is Sourcehut's creator?) - -#### Local client - -IMAP and SMTP are old. This means were you to manually set up your account, there'd be standards and conventions, old and new, in any given field to fill out when configuring a client. For example (excuse my stupidity), TLS and STARTTLS are somewhat different, but I'm too lazy to check. I spent a tediously long time configuring 5 clients, 2 of which are working. - -In the [list.sr.ht wiki](https://man.sr.ht/lists.sr.ht/etiquette.md), I learned to [use plain text in email](httpd://useplaintext.email) and keep email etiquette in mind. This is easily achievable. - -I also had a reasonably short time setting up an SMTP client (turns out to be different from an fully-fledged email client), namely `msmtp`. It's a CLI utility for sending emails. You can configure `git send-email` to use it as one of the possible methods. See [git-send-email website](https://git-send-email.io/). - -### Community - -Admit it: mailing lists, although barrier-free, rarely gets as much attention as a web UI like a GitHub issue thread. Also, easy it may have been for you to get a email address you're proud to tell others, others' may be crap like SweeetBabe.69owo@gmail.com. Using email just feels more personal. For this reason, I suggest we use email-driven development for collaborative projects with a firm maintainer team, encourage experienced devs to join, and leave the mailing list as a feedback channel for regular users. Keep a mirror on a "regular" forge, as is the case for Linux, but I can't help cringing at [how](https://github.com/torvalds/linux/pull/695) [many](https://github.com/torvalds/linux/pull/708) [joke](https://github.com/torvalds/linux/pull/727) [PR's](https://github.com/torvalds/linux/pull/753) [it's](https://github.com/torvalds/linux/pull/767) [got](https://github.com/torvalds/linux/pull/779). (I mean, *some* of them are funny.) And a bot would reply under them, taking them to the mailing list. When you make a mirror, however, perhaps you should tell people about it in advance. - -## Reflection - -I reflected on myself, the guy who thought himself a hipster migrating from GitHub to Codeberg. - -### Why had I never heard of email-driven development? - -At the news GitHub banned Iranian users without notice under the sanction, I was equally outraged as many of its users. I reached out to [ForgeFed](https://forgefed.peers.community/) to discuss how we should make federated forge services, unaware the distributed nature of Git itself. I also started an issue thread in a repo protesting GitHub's abrupt decision, under which although one person noted how Git is decentralized already, nobody seemed to bring up anything about mailing lists or stuff like `git am`. I suppose the mailing list gang had left GitHub for good? A few days later, speaking up my opinions on IRC, some friends reminded me of the email-as-an-identity thing, but still no mailing list. So, that's basically why I heard of such a thing nine months later than I should have. - -### What made me think web UI is the orthodoxy? - -It's the first impression. GitHub (ironically) is my first mentor in FOSS. Like many others, I had no idea what GitHub and Git actually are, nor their relationship. As a result, it became a mindset, a mindset where I push buttons for actions and click checkboxes for options. It's undesirable, if you know what I mean. It's a shame for a Linux user for 3 years to be stuck in the web app for what could've been done in the terminal. Interfaces made email appear more old-fashioned than it really is, and this illusion harmed me. I wish I could ask for compensation. - -### How many other young devs exactly like me are out there, suffering? - -A lot. While beginners tend to wet their hands in a web environment they're familiar with, others like me will regret not having heard of the opposite sooner. That's why I'm asking you to share the word to whoever wants to take their development efficiency one level higher. Not necessarily on sr.ht (they do release their applications as free software, with the need of a mail server). It's worth learning how to amend a commit, rebase, etc. - -## TL;DR - -Many people believed the GitHub-like UI is the way all FOSS is developed. They are wrong. A web UI is not the only nor the original way to use git; you could use [git-send-email](https://git-send-email.io) to submit patches in mailing lists, and as maintainers you can merge them using git's stock utilities. Some people have never heard of the latter because they were never told about it; meanwhile, the web UI has hijacked their mindset. [Sourcehut](https://sourcehut.org/) is an example of email-driven development with a minimalistic web frontend. In such development scheme you will find your workflow more efficient, especially if you are used to a terminal. The obvious pain in the neck is a good mailbox as your identity and a local client that doesn't suck. I hope you're experienced enough to figure those out. Then it's the low public exposure of a mailing list. Perhaps maintain a mirror on a UI-driven site as a portfolio. - -The reason why I had never heard of such a thing before is no one told me the exact thing I needed to know. Also GitHub formed the stereotype of a git forge. There are certainly other young people suffering, unaware of email-driven development being an option. Tell them this thing has been around for 15 years. - -Last updated: 2020-05-02 diff --git a/docs/rickstodon.md b/docs/rickstodon.md deleted file mode 100644 index 45a69d7..0000000 --- a/docs/rickstodon.md +++ /dev/null @@ -1,253 +0,0 @@ -# Rickstodon - Rickroll Your Friends (or Foes) With A Fake Mastodon Registration Page - -## -- Introducing a new way to present an old prank - -![screenshot with most of the buttons and links on the page pointing to the signature rickroll cover image on youtube](img/rickstodon.webp) - -See [video demo](https://fkfd.me/static/rickstodon.mp4); hosted on [social.fkfd.me](https://social.fkfd.me); see [Codeberg repo](https://codeberg.org/fakefred/rickstodon) - -## How to host it? - -Because Mastodon is licensed under AGPL, and the frontend is not explicitly excluded, I doubt the legitimacy to redistribute it unlicensed. Therefore, this repo only contains a guide to make your own Rickstodon in N easy steps. You need either a working nginx, or python+pyramid. - -## Prepare a place for your prank - -Get a domain. If you already have one, you can always add a subdomain record into its DNS settings, typically available in the registrar's web panel. For example, `social.[your.domain]` is a subdomain that seems totally legit. Set up an A/AAAA record pointing to your server IP. Let's call this domain `social.legit.website` throughout the tutorial. - -## Capture the Mastodon - -Go to a Mastodon instance you are logged out of. You will be redirected to its about page, which looks like the screenshot above. Download the page using your browser, including the files. Chromium seemed to be unable to fetch the files? idk. Firefox works fine. Press ctrl+s to save `about.html`, as well as its embedded files into a directory called `about_files`. - -You will see your files in a structure like: - -``` -about.html -about_files/ - common-9fa4342b.css - d96d39a0abb45b92.png # admin avatar - f6a76f37d508b407.png # user avatar - fc87edd00a925e4c.png # user avatar - 56270e3bbd5ef1a4.png # user avatar - vlcsnap-2018-08-27-16h43m11s127.png # the mastodon-paper planes-trumpet picture - common-a45d1c15f1388e6b8338.js - default-78232038.css - favicon.ico - locale_en-0b1defbea6f42c8f057f.js - public-5e7c276e9e232153d9c4.js -``` - -Open `about.html` in your browser. The files should load in their respective place because the filepaths are substituted with `/about_files/xxx`, except for external links, which are retained, e.g. `Documentation` links to `https://docs.joinmastodon.org/` unchanged. - -Now that you've shut the mastodon in the cage, this is where the fun begins. - -## Teaching the Mastodon to rickroll - -Open and edit `about.html`. It is quite large for some text editors (~25 KiB). It's unindented by default. Format it using a code formatter to save your eyes from burning. - -Remember the site you fetched the page from? Change all occurrences of that site (for example, `mastodon.social` to yours: `social.legit.website`. For example, in ``, you may see the following: - -```html - - - - - - - -``` - -Edit the URL's, edit meta content, you name it. The meta content also goes into the visible `
`; search for it and replace its text. - -Done? Good! Now when you check out your site, it has your domain on it. But things are not right! People won't believe that this instance, unexpectedly under Eugen's administration, could attract 503k users in two short days. You need to modify those data as well. Search for `Administered by:` and `Server stats:`. These data are right under them. A value like 41 users/32 MAU is adequately deceiving. - -But waaaaait. You still have Eugen's avi beside your name. This is easy: get your avi, place it under `about_files`, change those filenames in `about.html` accordingly. Same for other people's avis you wish to show. Under the `Administered by:` there is: - -```html - -``` - -Replace `d96d39a0abb45b92.png` with your image, under the same directory. Alternatively, just name your avi `d96d39a0abb45b92.png`, overwriting the original. - -Find an element called `
`. Below are at most three user avatars. You can modify their avis if you wish. Perhaps include yours in them. It's like this: - -```html -
-
- -

- - Discover users - Browse a profile directory and filter by interests -

-
- - - -
- -
- -
-``` - -Yeah, it's literally just all the `*.png`s. - -Now for the final step tampering the frontend, we need to reconfigure the buttons so they take unsuspecting visitors to the classic music video for a classic song. Search for the button called `Sign up`. It is in an HTML form, so clicking it will take us to `/auth`; no good! We want to rickroll the visitors, not sign up an account for them. Scroll up till you meet with this line: - -```html -
-``` - -You see, the `action="/auth"` is the command that takes us to `/auth`. Remove it, along with `novalidate="novalidate"` and `accept-charset="UTF-8" method="post"`, because we're making it no longer a real form that sends requests. Keep the class, for it is used by stylesheets. Without it the form will look primitive, and people will find out. Then, find the `` after it. It shouldn't be far away. Change `
` to `
`, `` to `
`. This prevents form submission from being invoked when the button is clicked. Find another form below, with a button called `Log in`. Do the same to it. An example: - -```html -
- -
- -
- -
-
-
- -
-

- Trouble logging in? -

-
-``` - -Remember the buttons? Yes, the `Sign up` and `Log in`. We need them to, when clicked, rickroll the visitors. Therefore, add an `onclick` action to both of them: - -```html - -``` - -Done! Now we've officially set up the frontend to rickroll visitors if they ever try to sign up or log in. You can test it in a browser. But waaaaaiit. What if they clicked on stuff like "Discover users" or the admin's profile? We need to set up redirections; they are called 301's, taken from their HTTP response code. I will introduce two ways to do it: nginx and python+pyramid. Feel free to fork and add stuff like python+flask, node.js+express, apache, etc. - -## Pretending innocent (2 methods) - -### nginx - -1. Check out `nginx.config`. What you see here is a server block for nginx. Place it either in your existent config file (typically in `/etc/nginx/sites-available`), or alongside with it renamed as something else. - -2. Look into the file: - -``` -# ... -# redirect the following paths to rickroll video -# the tilde (~) means regex; vertical bar (|) means 'or'. -# add more user names if necessary. -location ~ (/terms|/about/more|/public|/explore|/@USERNAME|/auth/password/new) { - return 301 https://www.youtube.com/watch?v=dQw4w9WgXcQ; -} -``` - -The chain of paths catch all the links visitors will likely take a peek at. Replace `USERNAME` with your own username. - -3. symlink this file to /etc/nginx/sites-enabled: `ln -s /etc/nginx/sites-available/FILENAME /etc/nginx/sites-enabled` - -4. Check if there are any blatant problem. - -5. Restart nginx: `nginx -s restart` - -6. Go to your prank domain/subdomain to check result. Click on links to see if it works. - -> "it doesn't work... why?" -> Look, I'm not an nginx expert. Maybe you can try using python+pyramid? - -### python+pyramid (plus a little nginx reverse proxy) - -1. Install python3 and pyramid (`pip3 install pyramid`). If pip says requirements are satisfied, but anything goes wrong later, run this with `--upgrade` to see if it's because of an ancient version. - -2. Put `web.py` in the same directory as `about.html`. - -3. Open and edit the file, just like the nginx one. - -4. Run `web.py` as a background process. Use a screen, tmux etc session or a process manager for it. This is out of scope. - -5. You still need to configure nginx for a bit. Sure, there are other reverse proxies but nginx is the only one I possess knowledge of. Add this block to your nginx config file: - -``` -server { - server_name [host]; # [host] is the domain of your rickstodon page, e.g. social.legit.website - - root /var/www/html; # whatever - index index.html; # whatever - - location / { - # if port 3904 is already taken, change this value both here and in web.py - # if so, re-run the modified python script - proxy_pass http://localhost:3904; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } -} -``` - -6. Restart nginx: `nginx -s restart` - -7. Go to your prank domain/subdomain to check result. Click on links to see if it works. - -## Additional steps - -1. Use HTTPS on your website for best deception. A mastodon instance without it is bound to raise suspicion. Use Let's Encrypt to generate a certificate for your (sub)domain. Sorry, LE. - -## Drawbacks and vulnerabilities - -1. If you have set up Rickstodon with nginx, the browser may make a GET request to youtube.com that reveals your intention. Like this: - -![screenshot of a GET request to https://www.youtube.com/watch?v=dQw4w9WgXcQ in devtools](img/rickstodon-youtube-GET.webp) - -If the user's network is slow, they may notice youtube.com loading in the bottom bar in a desktop browser. - -## Summary - -By now you should have already be savoring the joy from imaginary scenarios where people shout "whoa what the fuck" at a dancing dude. I have played this trick on my mastodon account this April Fool's day. It went... *nicely*. This repo is unlicensed, so you are always welcome to try and improve, and invent better ways to rickroll people. Thank you for coming to my TED talk. diff --git a/docs/shitpost/fake_moon_landing.md b/docs/shitpost/fake_moon_landing.md new file mode 100644 index 0000000..044d8c1 --- /dev/null +++ b/docs/shitpost/fake_moon_landing.md @@ -0,0 +1,19 @@ +# Debunking the "fake moon landing" conspiracy theory + +2021-01-18 + +Some people think that what Neil Armstrong and Buzz Aldrin did in 1969 was +a "fake moon landing". However, there's no way this is true. The moon, as +we see at night, is actually a spherical lump of rock. It looks small only +because it's far away from us. In fact, it is 1737km in radius and +7.342e19t in mass, both much larger and heavier than anything humans +have made. Despite the United States' unsurpassable power in engineering +amidst the Cold War, it was impossible for NASA to build a fake moon +identical to the real one in dimension, let alone quietly propel it into +the orbit where the latter belongs without the Soviet Union noticing. They +would only have a few hours' window in which to perform the manipulations, +before the sun sets in USSR. This is as practical as trying to escape an +earthquake on a segway. Therefore, what the pioneers landed on fifty +years ago was *the* real moon, not a fake one. + +Thank you for coming to my TED talk. diff --git a/docs/shitpost/haiku.md b/docs/shitpost/haiku.md new file mode 100644 index 0000000..c6ffd1e --- /dev/null +++ b/docs/shitpost/haiku.md @@ -0,0 +1,41 @@ +# Haiku collection + +This is a collection of haiku I composed on February 19, 2020, published on mastodon.technology. See [thread](https://mastodon.technology/@fakefred/103683337253008138). + +## Printer + +Background: my inkjet jammed up. + +>I do not have the +Slightest fucking intention +To fix that printer + +## Arch in a Nutshell + +This one is my favorite. `-Syu` is pronounced "S Y U". + +> What goes wrong if I +`sudo pacman -Syu`? +Google "Arch rollback" + +## Python + +``` +#!/usr/bin/python +# what if it gets self-aware? +raise SystemExit +``` + +How to read: + +- `#!/usr/bin/python`: "user bin python" +- `#` is silenced + +## Paccache + +This is a real story. + +> `$ sudo paccache -r` +20 gigas freed from disk +very delighted + diff --git a/docs/shitpost/index.md b/docs/shitpost/index.md new file mode 100644 index 0000000..fa0a6f0 --- /dev/null +++ b/docs/shitpost/index.md @@ -0,0 +1,10 @@ +# Shitposts + +Based on the fact you're looking at my shitposts and not anything of +value, I know you are very bored. You may attempt but miserably fail to +entertain yourself with one or more of the following shitposts in the +precious time you could've spent more wisely elsewhere: + +- [Debunking the "fake moon landing" conspiracy theory](fake_moon_landing) +- [Haiku collection](haiku) +- [Rousseau and Schopenhauer walk into a bar](rousseau_and_schopenhauer) diff --git a/docs/shitpost/rousseau_and_schopenhauer.md b/docs/shitpost/rousseau_and_schopenhauer.md new file mode 100644 index 0000000..0003518 --- /dev/null +++ b/docs/shitpost/rousseau_and_schopenhauer.md @@ -0,0 +1,22 @@ +# Rousseau and Schopenhauer walk into a bar + +2020-10-02 + +Rousseau and Schopenhauer walk into a bar. Both order a whiskey. “Say +Rousseau,” the tender asks, “how’s your kids doin’ in the orphanage?” + +Rousseau gets mad, says, “I had no choice back then! How else could I have +time to develop my theories in child education?” + +“Hey Schopenhauer,” the tender leans to him and asks, “heard ya hooked up +some hot whore last night, huh?” + +Schopenhauer gets mad, says, “I’m still a virgin, man! That can’t even be +called sex. I had to pull it out halfway to meet the deadline. Spent the +rest of the night finishing Thirty Reasons Why Women Suck.” + +Rousseau happens to finish his whiskey, slams his glass on the counter, +turns to the bartender. “Why you prick keep judgin’ us?” + +“Naaaah”, the tender shrugs and says, “I’m totally not disrespecting you +philosophers! I justlike to taunt them from time to time.” -- cgit v1.2.3