Diffstat (limited to 'TODO.md')
-rw-r--r-- TODO.md 72
1 files changed, 56 insertions, 16 deletions
diff --git a/TODO.md b/TODO.md
index f7fd940..4f48455 100644
--- a/TODO.md
+++ b/TODO.md
@@ -15,12 +15,11 @@
- monthly link sweep?
- upgrade from bulma 0.9.3 to bulma 1.0.0
<https://bulma.io/documentation/start/migrating-to-v1/>
-- set up logrotate for more granular `goaccess` reports
-- vanity `pablotron*.onion` address (computing on `meh`)
- projects: better project pages (pull from `README.md`)
- wkd for pgp
- home: rename "Archived Posts..." to "Older Posts"
- archive: rename "Archived Posts..." to "Older Posts"
+- index with pagefind: (<https://pagefind.app/>, <https://www.tbray.org/ongoing/When/202x/2025/11/01/Blog-Search-Pagefind>)
## linting
- replace `<img>` in old posts with `{{< figure >}}` (partial work
@@ -48,6 +47,8 @@
- plug-in hybrids: find link about people mashing accelerators and
effective mpg being substantially lower than advertised
- lots of good stuff in "science/climate" bookmarks
+ - wind kills birds garbage:
+ <https://codingrelic.geekhold.com/2024/12/wind-turbines-and-bird-deaths.html>
- thoughts on "relevance of classic fuzz testing"
- https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html
- "law of small numbers": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/
@@ -145,6 +146,9 @@
<https://blog.tidelift.com/the-state-of-package-signing-across-package-managers>
- declarative install (go)
rationale: <https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack>
+ - counterexamples:
+ - rubygems (arbitrary ruby)
+ - rust (arbitrary rust in `build.rs`)
- typosquatting (see sqo vulns from may email)
- starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d
- ref: https://kerkour.com/rust-crate-backdoor
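Review bot: the new counterexamples under `declarative install (go)` leave out the case the rationale link itself describes, namely pypi packages (the phylum w4sp-stealer write-up) running arbitrary python at install time, so a `- pypi (arbitrary python at install)` line belongs beside `rubygems` and `rust`. On `+ - rust (arbitrary rust in `build.rs`)`: the script runs during the build rather than at fetch time, which is still the step `cargo install` performs, so the entry is correct but the "at build, not at download" distinction is worth recording since it is the property the go item is contrasting against.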
@@ -201,8 +205,6 @@
gambler's ruin (intro to prob, ch 3.5)
constant-time fibonacci
- fzf, ripgrep
-- https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
- (email aliases, suggest whitelist instead of blacklist)
- bad defaults ("knives up in dishwasher"):
- nullable in code/db (see also: <https://carlineng.com/?postid=sql-critique#blog>)
- mutable variables
@@ -225,12 +227,14 @@
https://github.com/gorhill/uBlock/wiki/Procedural-cosmetic-filters
<https://rubyweekly.com/issues/620>
##table.item:has(p.name > .tag-sponsor)
+ - dark reader
+ - tab stash
- hardening
- try out various lsms
- apparmor
- lockdown
- selinux
- - systemd hardening
+ - systemd hardening (examples: spamassassin config)
- owasp guides
- disa stigs
- dropping system calls (firejail)
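Review bot: `+ - systemd hardening (examples: spamassassin config)` says which service was hardened but not where the hardened unit lives; the `spamprobe to spamassassin (notes in v3.txt)` entry added later in this diff names the notes file, so `(examples: spamassassin config, see v3.txt)` would make the example findable when the post gets written.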
@@ -238,6 +242,7 @@
- heat pump (pictures/heat-pump-20220930)
- <https://insideevs.com/news/509767/tesla-model3-control-arm-fix/>
- `curl|bash` is madness
+ - vulnerable to clickfix: <https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/>
- gosec vs govulncheck
https://github.com/securego/gosec
https://www.pixelstech.net/article/1667102060-Secure-Your-Go-Code-With-Vulnerability-Check-Tool
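Review bot: `+ - vulnerable to clickfix:` reads as though `curl|bash` itself is exploited by clickfix, which is not the relationship; the point to capture is that the install pattern trains people to paste and run unreviewed commands copied from a web page, which is exactly the habit clickfix lures rely on. A sub-item along the lines of `- normalizes the paste-and-run habit clickfix abuses:` followed by the arstechnica link states that directly.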
@@ -256,9 +261,6 @@
- thoughts on tesla: <https://digbysblog.net/2022/11/27/elon-musk-remembered-for-tech-he-destroyed/>
- try out pgsodium:
<https://github.com/michelp/pgsodium>
-- aegis authenticator dance w/ tablet
- <https://github.com/beemdevelopment/Aegis>
- (including installing lineage 20)
- fix-enterprise-episodes.rb
- imagecompare (flex:git/go/test/imagecompare)
- don't expose ssh (imap)
@@ -293,6 +295,7 @@
- sorta: elasticsearch (opensearch), redis
- reddit, stackoverflow
- my tools
+ - hnb
- vim: (2 pragbooks vim books, vimhelp.org, learnvimthehardway)
- tried neovim, still like vim more
- irssi
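Review bot: `+ - hnb` is a bare abbreviation with no link or one-line description, unlike the `vim` entry next to it which records its references; add a URL or a short note of what it is so the entry is still meaningful when this list is turned into a post.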
@@ -333,6 +336,9 @@
- ollama
- btop (recommended by alonzo)
- goaccess: apache log reporting tool
+ - aegis authenticator dance w/ tablet
+ <https://github.com/beemdevelopment/Aegis>
+ (including installing lineage 20)
- compare signify, age, and minisign:
https://flak.tedunangst.com/post/signify
https://blog.gtank.cc/modern-alternatives-to-pgp/
@@ -351,7 +357,6 @@
- firefox terms of use nonsense
https://arstechnica.com/tech-policy/2025/02/firefox-deletes-promise-to-never-sell-personal-data-asks-users-not-to-panic/
https://lwn.net/Articles/1012430/
-- firefox tab groups (new in firefox 136)
- problems w/ tracking apis:
- orwellian name (does not preserve privacy)
- analogies for folks to understand correlation: clue, sudoku, wordle
@@ -474,6 +479,8 @@
- chatgpt <https://www.jwz.org/blog/2023/02/the-bullshit-fountain/>
- ai is not intelligence: <https://current.workingdirectory.net/posts/2023/enough-about-ai/>
- (lots of other stuff by ed zitron)
+ - "grift bubble":
+ <https://codingrelic.geekhold.com/2025/01/tale-of-two-crises-y2k-and-o3.html>
- pi cases (fish, lemon, and pumpkin, see pics on phone)
- transport-layer shenanigans:
- included in openssl 3.4 (phoronix article)
@@ -523,6 +530,8 @@
- run tails in gnome boxes with persistent storage
(see x1 notes for details, but it's `qemu-img convert ... qemu-img resize`)
ref: <https://unix.stackexchange.com/questions/517524/install-tails-with-persistent-storage-on-virtualbox>
+- signal in tails:
+ <https://bisco.org/notes/installing-and-running-signal-on-tails/>
- bot user-agent blocking:
<https://www.jwz.org/blog/2025/05/user-agent-blocking/#comment-259206>
<https://perishablepress.com/ultimate-ai-block-list/> (linked from comment)
@@ -553,17 +562,33 @@
"decrypt", "sign", "verify", etc
- still making sense of trust handling
- available in debian
-- armbian on odroid n2l
- (first login hiccups, root pw)
- (netplan hiccups)
- (see notes v4.txt)
+- privacy:
+ - mozilla "privacy preserving" garbage (above)
+ - https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
+ (email aliases, suggest whitelist instead of blacklist)
+ - web fingerprinting: <https://www.amiunique.org/fingerprint>
+ eff coveryourtracks: <https://coveryourtracks.eff.org/>
+ - eff surveillance self-defense: <https://ssd.eff.org/>
+ - msn good article about facebook snafu with a gratuitous omission: <https://www.msn.com/en-us/news/technology/meta-found-a-new-way-to-violate-your-privacy-here-s-what-you-can-do/ar-AA1GecPs>
+ - ars comment about ublock origin setting: <https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/?comments=1&post=43767385>
+- spamprobe to spamassassin (notes in v3.txt)
+ - had to disable dnswl check, was causing grief
+ - `sa-check.py`, got 184/200 (~92% true positive rate)
+ - added `sa-train.sh`, runs nightly
+ - updated `~/.mailfilter`
+ - will monitor
+- cwe id in u16, cve id in u32
+ (`~/git/test/rust/nvd-cve/src/lib.rs`)
+- "quick numbers vs accurate numbers"
+ - quick disease test versus blood test
+ - BLS jobs reports
+- `polycvss` article about bit packing and `cvss-calcs`
## linkdump (2022-08-10):
- css bg fade:
<file:///data/home/pabs/git/test/html/css-bg-fade/index.html>
<https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/preload>
- https://www.mgaudet.ca/technical/2022/8/9/faster-ruby-thoughts-from-the-outside
-- https://www.fuzzingbook.org/
- https://security.googleblog.com/2022/05/retrofitting-temporal-memory-safety-on-c.html
- allocation in go: https://medium.com/eureka-engineering/understanding-allocations-in-go-stack-heap-memory-9a2631b5035d
(src: <https://old.reddit.com/r/golang/comments/wl7qyx/when_writing_functions_when_should_i_pass_by/iju1bhs/>)
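Review bot: `+ - `sa-check.py`, got 184/200 (~92% true positive rate)` records only how much spam was caught; for a mail filter the ham misclassified as spam (false positives) is the costlier error and should be noted next to it, together with the sizes of the spam and ham samples, so that later nightly `sa-train.sh` runs can be compared against the same baseline. On `+- cwe id in u16, cve id in u32`: CVE sequence numbers have had no fixed digit count since 2014, so a u32 is only sufficient if the year is stored as an offset and the sequence part is range-checked on parse, rejecting rather than silently truncating an out-of-range id; note the supported bound beside the `lib.rs` path. Minor: `+ - mozilla "privacy preserving" garbage (above)` points upward with no anchor; naming the item (the `problems w/ tracking apis` entry earlier in the file) keeps the reference valid if sections are reordered.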
@@ -581,8 +606,9 @@
- https://research.nccgroup.com/2022/08/16/wheel-of-fortune-outcome-prediction-taking-the-luck-out-of-gambling/
- https://carlineng.com/?postid=sql-critique#blog
- https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/
-- constant-time fibonacci: https://specbranch.com/posts/const-fib/
-- https://fabiandablander.com/r/Fibonacci.html
+- constant-time fibonacci:
+ <https://specbranch.com/posts/const-fib/>
+ <https://fabiandablander.com/r/Fibonacci.html>
- https://specbranch.com/posts/common-perf-numbers/
- (reminds me of "tyranny of metrics"): <https://old.reddit.com/r/programming/comments/x37u7k/be_goodargumentdriven_not_datadriven/>
- chebyshev, taylor series: <https://specbranch.com/posts/faster-div8/>
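Review bot: the re-wrapped `+- constant-time fibonacci:` entry duplicates the `constant-time fibonacci` line carried as context in the `@@ -201,8 +205,6 @@` hunk (the list next to `gambler's ruin`); one of the two should point at the other so the links live in a single place. Also, the two re-wrapped links switch to `<...>` while the surrounding linkdump entries use bare URLs; pick one style per list.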
@@ -648,6 +674,7 @@
<https://www.jwz.org/blog/2024/06/your-personal-information-is-very-important-to-us/>
- <https://arstechnica.com/gadgets/2024/08/nova-launcher-savior-of-cruft-filled-android-phones-is-on-life-support/>
- software: <https://www.lawfaremedia.org/article/the-crowdstrike-outage-and-market-driven-brittleness>
+- <https://github.com/C2SP/wycheproof>
## done
- add project folders
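Review bot: `+- <https://github.com/C2SP/wycheproof>` is the only entry in this run without a label, while its siblings carry one (`software:` on the line above); a short tag such as `- crypto test vectors:` matches the list's convention and records why the link was saved.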
@@ -787,3 +814,16 @@
<http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion/'>
(added to site backend)
- Projects: make each entry a `<li>`
+- set up logrotate for more granular `goaccess` reports. done, see
+ k3 notes and this gist:
+ <https://gist.github.com/pablotron/57aea9422a56bf59fedb3282bcc96109>
+- vanity `pablotron*.onion` address. done. url is:
+ <http://pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion/>
+- firefox tab groups (new in firefox 136). done: added to "firefox
+ redux" post
+- link to openvpn article in wayback machine:
+ <https://web.archive.org/web/20070812003116/http://www.linux-mag.com/id/2502>
+ (done: updated `content/posts/2006-03-19-openvpn*.html`)
+- openvpn article wayback link
+- site backend updates (nginx config)
+- armbian on odroid n2l
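Review bot: `+- openvpn article wayback link` duplicates the `+- link to openvpn article in wayback machine:` entry three lines above, which already carries the wayback URL and the `(done: updated ...)` note; drop the bare duplicate. Also `+- armbian on odroid n2l` lands in `## done` without the `(see notes v4.txt)` pointer the removed todo entry had, whereas the logrotate item keeps its `see k3 notes` reference; carry the pointer over so the first-login and netplan notes stay discoverable.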