author | Paul Duncan <pabs@pablotron.org> | 2025-05-26 19:02:58 -0400 |
---|---|---|
committer | Paul Duncan <pabs@pablotron.org> | 2025-05-26 19:02:58 -0400 |
commit | 038769ece34eb09e6756d4bc923c1c9ebed2dd48 (patch) | |
tree | bde9e794a56c47e831918e1a044eca1e0bdc650d | |
parent | 48c22b6d58e8edd8f3cdb7cf9417c5493a359620 (diff) | |
TODO.md: reorganize, mark several ideas as done, add new ideas
-rw-r--r-- | TODO.md | 118 |
1 files changed, 81 insertions, 37 deletions
@@ -1,12 +1,12 @@ # Site TODO ## Notes - - use `zf` to fold sections - use `zc` to expand tem ## general - import old files + backup: `user.k3:/data/backup/k2/sda6/share/www/pablotron.org/htdocs` - add "music" somewhere ("songs", keep pmdn.org for personal stuff) - add sticky footer: https://css-tricks.com/couple-takes-sticky-footer/ @@ -16,6 +16,10 @@ - upgrade from bulma 0.9.3 to bulma 1.0.0 <https://bulma.io/documentation/start/migrating-to-v1/> - set up logrotate for more granular `goaccess` reports +- vanity `pablotron*.onion` address (computing on `meh`) +- Projects: make each entry a `<li>` +- better project pages (pull from `README.md`) +- wdk for pgp ## linting - replace `<img>` in old posts with `{{< figure >}}` (partial work @@ -25,7 +29,7 @@ `web.k3:~/go/bin/htmltest`) - add automatic html linter. see reviews here: <https://chezsoi.org/lucas/blog/a-review-of-html-linters.html> -- find old links with `ia` tool: +- fix old links with `ia` tool: <https://archive.org/developers/quick-start-cli.html> - restore old projects, releases, and picture content from backup directory: `user.k3:/data/backup/k2/sda6/share/www/pablotron.org/htdocs` @@ -36,9 +40,7 @@ (richard asked about this on 2019-07-22, so +1) - sqlite3 fts search - compiler surprises: https://godbolt.org/z/ZQbZ2R -- pwasm - RewriteMap/docker (gist) -- ev-crash-course (~/git/ev-crash-course) - pocket-jim - greenwashing: ccs/nuclear/hydrogen is a scam great link: <https://www.vox.com/climate/363076/climate-change-solution-shell-exxon-mobil-carbon-capture> 
@@ -62,6 +64,14 @@ - tulip mania - irony: <https://www.jwz.org/blog/2024/11/bitcoin-tulips/> - nerd sniping + - <https://web3isgoinggreat.com> + - charlie strauss + - <https://www.antipope.org/charlie/blog-static/2022/11/decision-fatigue.html> + - <https://www.antipope.org/charlie/blog-static/2013/12/why-i-want-bitcoin-to-die-in-a.html> !! (lots of good stuff content here) + - ftc fraud: + <https://www.ftc.gov/news-events/news/press-releases/2022/06/new-analysis-finds-consumers-reported-losing-more-1-billion-cryptocurrency-scams-2021> + <https://www.ftc.gov/news-events/news/press-releases/2022/06/new-analysis-finds-consumers-reported-losing-more-1-billion-cryptocurrency-scams-2021> + (note: bullet in second article is a "pig butchering" scam) https://www.jwz.org/blog/2022/01/mozilla-blinked/ https://www.wired.com/story/theres-no-good-reason-to-trust-blockchain-technology/ (nicholas weaver article) @@ -77,7 +87,6 @@ - syzkaller/syzbot: https://www.youtube.com/watch?v=YwX4UyXnhz0 https://clangbuiltlinux.github.io/CBL-meetup-2020-slides/glider/Fighting_uninitialized_memory_%40_CBL_Meetup_2020.pdf - http://www.antipope.org/charlie/blog-static/2022/11/decision-fatigue.html - bpf: https://ebpf.io/ https://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html https://qmonnet.github.io/whirl-offload/2021/09/23/bpftool-features-thread/ @@ -106,7 +115,7 @@ - log4j and dependency usefulness as a function of time for projects - postgres tiny tricks - CTEs as optimization barrier: - https://old.reddit.com/r/programming/comments/suyidt/a_hairy_postgresql_incident/hxdvwl4/ + <https://old.reddit.com/r/programming/comments/suyidt/a_hairy_postgresql_incident/hxdvwl4/> - `~* ANY(string_to_array(?))` (comment in reddit w/json array) - pub/sub? - domains instead of repeated check constraints 
@@ -117,6 +126,10 @@ - timestamptz, long timezone names aware of DST - RETURNING - GENERATED STORED tsvector (bookman) + - INT PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY vs + INT PRIMARY KEY GENERATED ALWAYS AS IDENTITY + (fix sequence permission nonsense) + - EXISTS rather than COUNT() (depz article about this somewhere) - compare and contrast cyclonedx vs spdx - (at the moment i like cyclonedx more, it seems less ad-hoc) - https://cyclonedx.org/docs/1.4/json/ @@ -166,8 +179,6 @@ https://bitbucket.org/brucelet/space-trader/src/master/app/src/main/java/com/brucelet/spacetrader/ and the 70s one w/ source: https://en.wikipedia.org/wiki/Star_Trader -- markovian (golang markov chain generator) - (~/git/test/go/markovian) - hq (`flex:~/git/hq`) - secure C wiki is confluence!?!? <https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard> @@ -191,7 +202,7 @@ - fzf, ripgrep - https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/ (email aliases, suggest whitelist instead of blacklist) -- bad defaults: +- bad defaults ("knives up in dishwasher"): - nullable in code/db (see also: <https://carlineng.com/?postid=sql-critique#blog>) - mutable variables - fallthrough in switch 
@@ -199,32 +210,30 @@ - nullable parameters - defer (go, c proposal) vs manual freeing - create openssl 3.x provider, see: - https://www.openssl.org/docs/manmaster/man7/provider.html + <https://www.openssl.org/docs/manmaster/man7/provider.html> (could use pt-aes, pt-chacha20, md4, md5, sha2, etc) -- summary of minification work w/ links to posts, reference this - article: - https://endtimes.dev/why-your-website-should-be-under-14kb-in-size/ - minikube vs k3s (https://minikube.sigs.k8s.io/docs/handbook/) -- on passwords (crypto training, https://arstechnica.com/civis/viewtopic.php?f=2&t=1486155&p=41174039#p41174039) - - lots of bad info floating around (see comments of - https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ - https://old.reddit.com/r/programming/comments/wxx674/password_management_firm_lastpass_was_hacked_two/ - etc - - passkeys (good replacement, too complicated internally) - - owasp password security cheat sheet, fips 183? - compare sanitizer api, dompurify, fastest htmlesc - tiny-binaries redux w/go 1.20, point out grype scanner output for minimal images - browser addons: - (ublock origin) + (ff: ublock origin, chrome: ublock origin lite) https://arstechnica.com/gadgets/2022/09/beloved-browser-extension-acquired-by-non-beloved-antivirus-firm/?comments=1 <https://consentomatic.au.dk/> cosmetic filter example: https://github.com/gorhill/uBlock/wiki/Procedural-cosmetic-filters <https://rubyweekly.com/issues/620> ##table.item:has(p.name > .tag-sponsor) -- try out various lsms -- systemd hardening +- hardening + - try out various lsms + - apparmor + - lockdown + - selinux + - systemd hardening + - owasp guides + - disa stigs + - dropping system calls (firejail) + - opensnitch - heat pump (pictures/heat-pump-20220930) - <https://insideevs.com/news/509767/tesla-model3-control-arm-fix/> - `curl|bash` is madness 
@@ -284,8 +293,11 @@ - reddit, stackoverflow - my tools - vim: (2 pragbooks vim books, vimhelp.org, learnvimthehardway) + - tried neovim, still like vim more - irssi + - bitlbee (except googlechat broke on 2025-05-25, :/) - screen + - tried tmux, still like screen more - mutt/offlineimap/notmuch (dovecot index config for android) - irb (show irbrc w/3.x mods) @@ -294,10 +306,12 @@ - perf - wireguard - minify, imagemagick/gm, pngquant + - `mod_deflate` mime types tweaked to compress svgs - meson? - postgres, sqlite - - firefox (ublock origin, tab stash, firefox sync) + - firefox (ublock origin, tab stash, firefox sync, dark reader) - gnome (extensions: hidetopbar, workspace matrix) + - gnome-extensions tool - podman - mtr - programming languages @@ -307,8 +321,17 @@ - python (matplotlib, sympy, sagemath) - assembly - js (es2015) -- sagemath, jupyterlab -- ollama + - neat tool: qalculate + - ref: <https://qalculate.github.io/> + - cli and gtk iface + - installed on flex + - recommended in lwn comments + - used for unit conversions + - derivatives switch quickly from symbolic to numeric evaluation + - sagemath, jupyterlab + - ollama + - btop (recommended by alonzo) + - goaccess: apache log reporting tool - compare signify, age, and minisign: https://flak.tedunangst.com/post/signify https://blog.gtank.cc/modern-alternatives-to-pgp/ @@ -424,7 +447,7 @@ - cryptopals introduction (most crypto fatally broken) - etc - lots of older stuff is "knives up in dishwasher" -- ai/llm mania +- ai/llm mania (slop) - article name: "ai canard" - how many fused-multiply adds does it take for sentience? - ai dropkick 
@@ -434,7 +457,6 @@ <https://linux.slashdot.org/story/15/06/30/0058243/interviews-linus-torvalds-answers-your-question> - summary of goldman sachs report which is negative on LLMs: <https://www.wheresyoured.at/pop-culture/> - - (lots of other stuff by ed zitron) - <https://arstechnica.com/information-technology/2024/07/openai-board-shakeup-microsoft-out-apple-backs-away-amid-ai-partnership-scrutiny/> (link to brutal goldman sachs report in comments which talks about technology limits, power consumption limits, and chip limits) @@ -447,6 +469,10 @@ <https://arstechnica.com/ai/2025/04/researchers-find-ai-is-pretty-bad-at-debugging-but-theyre-working-on-it/> (quote from brian kernighan about "clever code": <https://www.linusakesson.net/programming/kernighans-lever/index.php>) + - links: + - chatgpt <https://www.jwz.org/blog/2023/02/the-bullshit-fountain/> + - ai is not intelligence: <https://current.workingdirectory.net/posts/2023/enough-about-ai/> + - (lots of other stuff by ed zitron) - pi cases (fish, lemon, and pumpkin, see pics on phone) - transport-layer shenanigans: - included in openssl 3.4 (phoronix article) @@ -474,6 +500,8 @@ seed, openssl disagrees w/ ietf)... "the key issue": https://openssl-library.org/post/2025-01-21-blog-positionandplans/?utm_source=atom_feed https://mailarchive.ietf.org/arch/browse/spasm/?q=draft-ietf-lamps-kyber-certificates + - sotak, shmieg, and fillipo all have posts on this + - ietf email thread too - fast modular arithmetic - good book: primes: a computational approach (crandall primes) - hacker's delight 
@@ -494,29 +522,36 @@ - run tails in gnome boxes with persistent storage (see x1 notes for details, but it's `qemu-img convert ... qemu-img resize`) ref: <https://unix.stackexchange.com/questions/517524/install-tails-with-persistent-storage-on-virtualbox> -- neat tool: qalculate - - ref: <https://qalculate.github.io/> - - cli and gtk iface - - installed on flex - - recommended in lwn comments - bot user-agent blocking: <https://www.jwz.org/blog/2025/05/user-agent-blocking/#comment-259206> <https://perishablepress.com/ultimate-ai-block-list/> (linked from comment) (consider modsecurity.org ...) -- tor hidden service (see `tor` section above) - <http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion/'> - site backend: document custom mime types in `MOD_DEFLATE` - site backend: add "blocking llm crawlers" or "blocking llm slop" section with `robots.txt` and more (see jwz above) - passwords: - article about storing passwords, password choices + - older idea: + - on passwords (crypto training, https://arstechnica.com/civis/viewtopic.php?f=2&t=1486155&p=41174039#p41174039) + - lots of bad info floating around (see comments of + https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ + https://old.reddit.com/r/programming/comments/wxx674/password_management_firm_lastpass_was_hacked_two/ + etc + - passkeys (good replacement, too complicated internally) + - owasp password security cheat sheet, fips 183? 
- link to guidance from 800-63b + - avoid composition requirements - bits from "storing passwords" from crypto training - cracking luks: - <https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases> - <http://www.hungry.com/~pere/blog/Some_notes_on_Linux_LUKS_cracking.html> - links to passkeys - diceware, eff word list +- sequoia-pgp: https://sequoia-pgp.org/ + - much better command-line iface than gpg: commands are "encrypt", + "decrypt", "sign", "verify", etc + - still making sense of trust handling + - available in debian ## linkdump (2022-08-10): - css bg fade: @@ -592,14 +627,12 @@ - c23: <https://gustedt.wordpress.com/2022/12/18/checked-integer-arithmetic-in-the-prospect-of-c23/> <https://queue.acm.org/detail.cfm?id=3588242> -- chatgpt <https://www.jwz.org/blog/2023/02/the-bullshit-fountain/> - bitslicing <https://timtaubert.de/blog/2018/08/bitslicing-an-introduction/> - pqc parameter debates (kyber, turboshake, dilithium) - <https://paulgeorgiou.org/post/2023/05/sbox-cryptanalysis/> - <https://ratfactor.com/forth/the_programming_language_that_writes_itself.html> - <https://www.mattb.nz/w/2023/06/02/calling-time-on-dnssec/> - "another look at " (15 years of...): <https://www.math.uwaterloo.ca/~ajmeneze/anotherlook/> -- <https://current.workingdirectory.net/posts/2023/enough-about-ai/> - <https://mirrors.edge.kernel.org/pub/linux/kernel/people/paulmck/perfbook/perfbook.html> - <https://www.sevarg.net/2023/03/25/why-people-hate-tech/> - 4 pillars of program analysis (slide 5): 
@@ -737,3 +770,14 @@ - goaccess - tor: auto-build update hidden service (right now it's static) - tor: add `Onion-Location` header +- summary of minification work w/ links to posts + - ref: <https://endtimes.dev/why-your-website-should-be-under-14kb-in-size/> + (added to site backend) +- old projects (obe): + - pwasm + - ev-crash-course (~/git/ev-crash-course) + - markovian (golang markov chain generator) + (~/git/test/go/markovian) +- tor: hidden service (see `tor` section above) + <http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion/'> + (added to site backend) |
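Review bot: `wdk for pgp`, added in the `@@ -16,6 +16,10 @@` hunk, reads like a transposition of WKD (Web Key Directory), the OpenPGP key-discovery mechanism; if that is what is meant, spell it `wkd` and add a reference link the way the bulma entry above it does. The new `vanity pablotron*.onion address` entry should also say whether it replaces the existing onion address that the last hunk marks as `(added to site backend)` or is served alongside it.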
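Review bot: The new `ftc fraud:` entry in the `@@ -62,6 +64,14 @@` hunk lists the same ftc.gov press-release URL twice, yet the following line refers to a "second article", so the second link looks like a paste of the first; replace it with the intended article or drop the duplicate. In the same hunk, `charlie strauss` sits above two antipope.org links, which is Charlie Stross's blog, and `(lots of good stuff content here)` has a leftover word.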
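Review bot: The two entries added in the `@@ -474,6 +500,8 @@` hunk, `sotak, shmieg, and fillipo all have posts on this` and `ietf email thread too`, carry no URLs, unlike the openssl-library.org and mailarchive.ietf.org links directly above them. Add the links in this commit, since names alone will be hard to resolve when the article is eventually written.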
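Review bot: The block moved under `older idea:` in the `@@ -494,29 +522,36 @@` hunk keeps its bare arstechnica and reddit URLs and the unclosed `(see comments of ... etc`, while other hunks in this commit wrap URLs in `<...>` (the openssl provider and reddit CTE links). Wrap these and the new `sequoia-pgp: https://sequoia-pgp.org/` line the same way and close the parenthesis, so the later "fix old links" pass can find every URL with one pattern.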
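Review bot: The onion URL re-added at the end of the `@@ -737,3 +770,14 @@` hunk still ends in `.onion/'>`, carrying over the stray `'` from the line removed in the `@@ -494,29 +522,36 @@` hunk; drop the quote so the address works when copied. `old projects (obe)` in the same hunk uses an abbreviation that is not explained in the visible file, so spell it out once, and consider a dedicated "done" heading for the three entries tagged `(added to site backend)` rather than appending them after the open `tor:` items.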