# Site TODO

## general
- replace `<img>` in old posts with `{{< figure >}}` (partial work
  done on stuff `>= 2019`)
- fix broken links in posts
- import files
- add "music" somewhere ("songs", keep pmdn.org for personal stuff)
- add sticky footer:
  https://css-tricks.com/couple-takes-sticky-footer/
- toc: add title and aria-label
- toc: show on right sidebar on desktop
- htmltest/htmltidy post-receive hook (already installed as
  web.k3:~/go/bin/htmltest): <https://github.com/wjdp/htmltest>
- monthly link sweep?
- upgrade from bulma 0.9.3 to bulma 1.0.0
  <https://bulma.io/documentation/start/migrating-to-v1/>

## post ideas
- fast document search: postgres fts, `pg_trgm`, and tika (git/test/sift)
  (richard asked about this on 2019-07-22, so +1)
  - sqlite3 fts search
- pi notes
- k3 notes
- compiler surprises: https://godbolt.org/z/ZQbZ2R
- temperature sensors (see SA post, add bit about "meat"): https://forums.somethingawful.com/showthread.php?threadid=3468084&userid=0&perpage=40&pagenumber=176#post494884256
- sensortron
- meson-junit
- pwasm
- RewriteMap/docker (gist)
- ev-crash-course (~/git/ev-crash-course)
- pocket-jim
- ccs/nuclear/hydrogen is a scam
- thoughts on "relevance of classic fuzz testing"
  - https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html
  - "law of small numbers": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/
  - full paper: https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html
  - legacy debian (hamm): http://archive.debian.org/debian/dists/hamm/main/binary-i386/base/
  - things i noticed:
    - possible small set giving extreme outliers
    - dash is not /bin/sh on all linuxes (only debian-based distros)
    - wonder about overall size of base installs (base rate fallacy)
    - summary of rust conclusion seems suspect and different than
      content of paper itself
    - detailed results are interesting
- buttcoin:
  - https://www.theonion.com/man-who-lost-everything-in-crypto-just-wishes-several-t-1848764551
  - tulip mania
  - nerd sniping
  https://www.jwz.org/blog/2022/01/mozilla-blinked/
  https://www.wired.com/story/theres-no-good-reason-to-trust-blockchain-technology/
  (nicholas weaver article)
  https://blog.yossarian.net/2021/12/05/Blockchains-dont-solve-problems-that-are-interesting-to-me
  https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/86714927310-8f431cae (not great technically)
  https://www.usenix.org/publications/loginonline/web3-fraud
  https://web3isgoinggreat.com/
  https://www.schneier.com/blog/archives/2022/04/de-anonymizing-bitcoin.html
  https://www.salon.com/2022/07/19/cryptomining-uses-a-disturbing-amount-of-energy-lawmakers-find_partner/
  https://www.dailykos.com/stories/2022/9/30/2126181/-Bitcoin-mining-is-just-as-bad-for-the-environment-as-burning-gasoline-new-study-finds
  https://theintercept.com/2022/10/26/matt-damon-crypto-commercial/
  <https://www.vox.com/the-goods/23466433/sbf-ftx-zuckerberg-elon-musk-billionaires-lies>
- syzkaller/syzbot:
  https://www.youtube.com/watch?v=YwX4UyXnhz0
  https://clangbuiltlinux.github.io/CBL-meetup-2020-slides/glider/Fighting_uninitialized_memory_%40_CBL_Meetup_2020.pdf
  http://www.antipope.org/charlie/blog-static/2022/11/decision-fatigue.html
- bpf:
  https://ebpf.io/
  https://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html  https://qmonnet.github.io/whirl-offload/2021/09/23/bpftool-features-thread/
  https://github.com/iovisor/bcc
  https://old.reddit.com/r/golang/comments/ww57pq/has_anyone_had_any_luck_with_ebpf_libraries/
  https://pkg.go.dev/github.com/cilium/ebpf
  https://github.com/dropbox/goebpf
  (plus kernel docs)
- gpg keys, 2021:
  https://musigma.blog/2021/05/09/gpg-ssh-ed25519.html
- compression: huffman coding vs arithmetic coding versus asymmetric
  number system compared to shannon entropy (`H(X) = -Σ p(x) log_2(p(x))`)
  https://neptune.ai/blog/lossless-data-compression-using-arithmetic-encoding-in-python-and-its-applications-in-deep-learning
  (zstd rfc, which uses ans)
  (zlib compression doc)
  https://kedartatwawadi.github.io/post--ANS/
- fun paradoxes:
  condorcet paradox
  simpsons paradox
  anscoms quartet
  base rate fallacy
  "law of small numbers" from "thinking fast and slow": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/
  selection bias (elections and polling)
- retro gaming handhelds: psp, 2dsxl, rg350m, rgb10 max
- lvm thin provisioning (see notes from x1.txt and linked gist)
- log4j and dependency usefulness as a function of time for projects
- postgres tiny tricks
  - CTEs as optimization barrier:
    https://old.reddit.com/r/programming/comments/suyidt/a_hairy_postgresql_incident/hxdvwl4/
  - `~* ANY(string_to_array(?))` (comment in reddit w/json array)
  - pub/sub?
  - domains instead of repeated check constraints
  - trigger `TG_ARGV`
  - trigger `REFERENCING ... AS` (newer PG)
  - `COMMENT ON` ...
  - `LISTEN/NOTIFY`?
  - timestamptz, long timezone names aware of DST
  - RETURNING
  - GENERATED STORED tsvector (bookman)
- compare and contrast cyclonedx vs spdx
  - (at the moment i like cyclonedx more, it seems less ad-hoc)
  - https://cyclonedx.org/docs/1.4/json/
  - https://github.com/spdx/spdx-examples/blob/master/example3/spdx/example3-bin.spdx
  - go parsers for both are available:
    - https://github.com/spdx/tools-golang
    - https://github.com/CycloneDX/cyclonedx-go
- needed in a package manager
  - organizational namespacing
    scoped gems: <https://github.com/rubygems/rfcs/pull/40>
  - signing and/or global subdb
    <https://blog.tidelift.com/the-state-of-package-signing-across-package-managers>
  - declarative install (go)
    rationale: <https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack>
  - typosquatting (see sqo vulns from may email)
  - starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d
  - ref: https://kerkour.com/rust-crate-backdoor
  - (related, semver is garbage)
    <https://www.linode.com/blog/security/linode-security-digest-rubygems-and-rsyslogs-vulnerabilities/>
    <https://earthly.dev/blog/programming-language-improvements/>
    <https://alexgaynor.net/2021/oct/07/whats-in-a-version-number/>
  - (problems w/ go modules)
  - ruby gems not solving the right problem with 2fa:
    <https://blog.rubygems.org/2022/08/22/mfa-ui-only-removed.html>
  - go1 and GODEBUG
    <https://github.com/golang/go/discussions/55090>
  - motherfucking package managers
    <http://michael.orlitzky.com/articles/motherfuckers_need_package_management.xhtml>
- radare2, ghidra
- what would git look like with modern hash (sha-512/256/blake3), data
  formats (msgpack/protobuf), compression (zstd), language (rust,
  go), and crypto (ed25519)?
  https://lwn.net/Articles/898522/
  https://gist.github.com/dvinciguerra/972a36bac9322d6d98328bad327154ca
  https://msgpack.org/
  https://git-scm.com/book/en/v2/Git-Internals-Git-Objects
  steal ideas from fossil:
  https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki
  bad ideas:
  https://matt-rickard.com/what-comes-after-git/
- f2p nonsense:
  <https://old.reddit.com/r/gamedev/comments/vqlcx9/game_devs_who_have_earned_have_you_found_more/>
  <https://en.wikipedia.org/wiki/Star_Traders:_Frontiers>
  https://www.rockpapershotgun.com/star-traders-frontiers-review#comments
  (plus the shitty star traders game that's free)
    https://github.com/blind-coder/SpaceTrader
    https://bitbucket.org/brucelet/space-trader/src/master/app/src/main/java/com/brucelet/spacetrader/
  and the 70s one w/ source:
    https://en.wikipedia.org/wiki/Star_Trader
- markovian (golang markov chain generator)
  (~/git/test/go/markovian)
- hq (~/git/hq)
- secure C wiki is confluence!?!?
  <https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard>
- fuzzing (afl)
  <https://www.fuzzingbook.org/>
  <https://wfuzz.readthedocs.io/en/latest/>
- update mathyd add link to texbox/texoid:
  <https://pypi.org/project/texoid/>
- golang opencl:
  https://eli.thegreenplace.net/2021/a-comprehensive-guide-to-go-generate/
  https://github.com/KhronosGroup/OpenCL-Docs/blob/main/xml/cl.xml
- duktape vs quickjs (vs mujs?)
  - lots of mujs stuff on nvd
- math: multinomial (stars and bars, # of moves on a chess board,
  multinomial coefficient, etc), de moir dice problem
  <https://en.wikipedia.org/wiki/Stars_and_bars_(combinatorics)>
  ref: Introduction to Probability with Statistical Applications, ch 2.5
  1e10/81 (1234567890.1234567890)
  gambler's ruin (intro to prob, ch 3.5)
  constant-time fibonacci
- fzf, ripgrep
- https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
  (email aliases, suggest whitelist instead of blacklist)
- bad defaults:
  - nullable in code/db (see also: <https://carlineng.com/?postid=sql-critique#blog>)
  - mutable variables
  - fallthrough in switch
- create openssl 3.x provider, see:
  https://www.openssl.org/docs/manmaster/man7/provider.html
  (could use pt-aes, pt-chacha20, md4, md5, sha2, etc)
- summary of minification work w/ links to posts, reference this
  article:
  https://endtimes.dev/why-your-website-should-be-under-14kb-in-size/
- minikube vs k3s (https://minikube.sigs.k8s.io/docs/handbook/)
- on passwords (crypto training, https://arstechnica.com/civis/viewtopic.php?f=2&t=1486155&p=41174039#p41174039)
  - lots of bad info floating around (see comments of
    https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/
    https://old.reddit.com/r/programming/comments/wxx674/password_management_firm_lastpass_was_hacked_two/
    etc
  - passkeys (good replacement, too complicated internally)
  - owasp password security cheat sheet, fips 183?
- compare sanitizer api, dompurify, fastest htmlesc
- tiny-binaries redux w/go 1.20, point out grype scanner output for
  minimal images
- browser addons:
  (ublock origin)
  https://arstechnica.com/gadgets/2022/09/beloved-browser-extension-acquired-by-non-beloved-antivirus-firm/?comments=1
  <https://consentomatic.au.dk/>
  cosmetic filter example:
  https://github.com/gorhill/uBlock/wiki/Procedural-cosmetic-filters
  <https://rubyweekly.com/issues/620>
  ##table.item:has(p.name > .tag-sponsor)
- try out various lsms
- systemd hardening
- heat pump (pictures/heat-pump-20220930)
- <https://insideevs.com/news/509767/tesla-model3-control-arm-fix/>
- `curl|bash` is madness
- gosec vs govulncheck
  https://github.com/securego/gosec
  https://www.pixelstech.net/article/1667102060-Secure-Your-Go-Code-With-Vulnerability-Check-Tool
- comment on efficiency of compilers
  p58 of <http://bitsavers.trailing-edge.com/pdf/stanford/cs_techReports/STAN-CS-76-562_EarlyDevelPgmgLang_Aug76.pdf>
  ref: stackexchange comment linked from <https://old.reddit.com/r/programming/comments/ygnhs0/rip_kathleen_booth_the_inventor_of_assembly/>
- thoughts on social networks
  (decentralized, federated)
- <https://www.w3.org/TR/activitypub/#uploading-media>
- <https://instances.social/admin>
- <https://www.linode.com/docs/guides/install-mastodon-on-debian-10/>
- <https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/>
- <https://socialhub.activitypub.rocks/pub/guide-for-new-activitypub-implementers>
- "taxonomy is the lowest form of academia"
  <https://commandcenter.blogspot.com/2012/06/less-is-exponentially-more.html>
- thoughts on tesla: <https://digbysblog.net/2022/11/27/elon-musk-remembered-for-tech-he-destroyed/>
- try out pgsodium:
  <https://github.com/michelp/pgsodium>
- aegis authenticator dance w/ tablet
  <https://github.com/beemdevelopment/Aegis>
  (including installing lineage 20)
- fix-enterprise-episodes.rb
- imagecompare (flex:git/go/test/imagecompare)
- don't expose ssh (imap)
- bloom filter and salted hashes rather than raw db of info:
  <https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/>
- ascon references to lessons learned
  (nonce resistance, aead, xof, refs to keccak and sha2, stream cipher,
  other stuff in paper, see ref, pqc)
  https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
- wasm vs ebpf
  (see comments here https://lwn.net/Articles/909095/#Comments)
- machine learning vulns (see vulns 2022-06)
- chacha20 intel intrinsics
- good book: primes: a computational approach (crandall primes)
- pi-apalooza (pis found while looking for ethernet spool)
- flex bookworm update (details in notes)
- z3-sudoku (github sudoku-solver)
- c impls of poly1305, siphash
- post like this talking about renewable stuff (solar, heat pump,
  water heater, dryer): https://gizmodo.com/emission-impossible-two-reporters-tried-to-ditch-natur-1851362650
- enshittification
  - extjs (sencha)
  - docker (podman)
  - chrome (firefox)
  - google (ddg)
  - terraform (opentofu)
  - hudson/jenkins, openoffice/libreoffice
  - redhat (centos, rocky, almalinux)
  - vim (neovim)
  - windows (11, telemetry)
  - sorta: elasticsearch (opensearch), redis
  - reddit, stackoverflow
- my tools
  - vim: (2 pragbooks vim books, vimhelp.org, learnvimthehardway)
  - irssi
  - screen
  - mutt/offlineimap/notmuch
  - irb (show irbrc w/3.x mods)
  - git (gitconfig w aliases)
  - bash?
  - perf
  - wireguard
  - minify, imagemagick/gm, pngquant
  - meson?
  - postgres, sqlite
  - firefox (ublock origin, tab stash, firefox sync)
  - gnome (extensions: hidetopbar, workspace matrix)
  - programming languages
    - go
    - ruby
    - c
    - python
    - assembly
    - js (es2015)
- svgbob and ollama
- compare signify, age, and minisign:
  https://flak.tedunangst.com/post/signify
  https://blog.gtank.cc/modern-alternatives-to-pgp/
  https://github.com/FiloSottile/age
- many flavors of chacha
  - number of rounds (chacha8 v chacha20)
  - rfc vs original paper (counter and nonce size)
  - poly1305 (aead)
  - xchacha (larger nonce)
- language:
  https://www.orwellfoundation.com/the-orwell-foundation/orwell/essays-and-other-works/politics-and-the-english-language/

## linkdump (2022-08-10):
- css bg fade:
  <file:///data/home/pabs/git/test/html/css-bg-fade/index.html>
  <https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/preload>
- https://www.mgaudet.ca/technical/2022/8/9/faster-ruby-thoughts-from-the-outside
- https://www.fuzzingbook.org/
- https://security.googleblog.com/2022/05/retrofitting-temporal-memory-safety-on-c.html
- allocation in go: https://medium.com/eureka-engineering/understanding-allocations-in-go-stack-heap-memory-9a2631b5035d
  (src: <https://old.reddit.com/r/golang/comments/wl7qyx/when_writing_functions_when_should_i_pass_by/iju1bhs/>)
- http://www.linguistic-antipatterns.com/
- https://arstechnica.com/tech-policy/2022/08/us-approves-google-plan-to-let-political-emails-bypass-gmail-spam-filter/?comments=1
- https://brandur.org/fragments/go-wishlist-2022
- https://www.tbray.org/ongoing/When/202x/2022/03/26/Is-5G-BS
- https://teddit.net/
- https://www.privacytools.io/#frontend
- https://github.com/zedeus/nitter
- https://snapdrop.net/#
- https://news.ycombinator.com/item?id=11071754
- https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/
- https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/
- https://research.nccgroup.com/2022/08/16/wheel-of-fortune-outcome-prediction-taking-the-luck-out-of-gambling/
- https://carlineng.com/?postid=sql-critique#blog
- https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/
- constant-time fibonacci: https://specbranch.com/posts/const-fib/
- https://specbranch.com/posts/common-perf-numbers/
- (reminds me of "tyranny of metrics"): <https://old.reddit.com/r/programming/comments/x37u7k/be_goodargumentdriven_not_datadriven/>
- chebyshev, taylor series: <https://specbranch.com/posts/faster-div8/>
- <https://jacobian.org/2022/sep/9/quality-is-systemic/> and <https://www.youtube.com/watch?v=ckBfbvOXDvU>
- <https://github.com/minimaxir/big-list-of-naughty-strings>
- <https://github.com/hsutter/cppfront>
- <https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#2__better_fortification_coverage>
- page-fault weird machine:
  <https://www.cs.dartmouth.edu/~sws/pubs/bbss13.pdf>
  <https://cleantechnica.com/2022/09/19/you-have-questions-about-electric-cars-we-have-answers-part-3/>
  <https://swagitda.com/blog/posts/securing-the-supply-chain-of-nothing/>
  <https://www.simpleanalytics.com/blog/denmark-declares-google-analytics-unlawful>
- <https://alexn.org/blog/2022/09/22/proprietary-environments-are-a-trap/>
- <https://jakewharton.com/report-card-java-19-and-the-end-of-kotlin/>
- <https://old.reddit.com/r/programming/comments/xrblwd/google_programmers_how_one_idiot_hired_a_couple/>
  (search effect, link to you are not so smart)
  <https://ueokande.github.io/go-slice-tricks/>
- gba ghidra: <https://wrongbaud.github.io/posts/kong-vs-ghidra/>
- finding bugs w/ fuzzers (kernel): <https://lwn.net/Articles/909245/#fuzz>
- impl semaphores in rust <https://neosmart.net/blog/2022/implementing-truly-safe-semaphores-in-rust/>
- <https://www.postgresql.org/about/news/postgresql-15-released-2526/>
- <https://www.imperialviolet.org/2022/09/22/passkeys.html>
- <https://github.com/uutils/coreutils>
- <https://wazero.io/>
- <https://www.intruder.io/research/in-guid-we-trust>
- <https://arstechnica.com/information-technology/2022/10/passkeys-microsoft-apple-and-googles-password-killer-are-finally-here/>
- <https://old.reddit.com/r/programming/comments/yd8pix/information_for_decisionmakers_considering_the/>
- <https://www.unep.org/resources/emissions-gap-report-2022>
- <https://www.theregister.com/2022/10/29/kathleen_booth_obit/>
- <https://www.lawfareblog.com/securing-open-source-software-act-good-whatever-happened-legal-liability>
- go: <https://commandcenter.blogspot.com/2012/06/less-is-exponentially-more.html>
- <https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/>
- mastodon:
- <https://johnresig.com/blog/twitter-mastodon/>
- <https://www.tbray.org/ongoing/When/202x/2022/11/26/Bye-Twitter>
- jq255e: <https://research.nccgroup.com/2022/11/21/a-jq255-elliptic-curve-specification-and-a-retrospective/>
- <https://www.vox.com/future-perfect/23489211/replication-crisis-project-meta-science-psychology>
- <https://www.lawyersgunsmoneyblog.com/2022/12/artificial-not-intelligent>
- <https://neugierig.org/software/blog/2022/12/chrome.html>
- learning hierarchy: <https://addyosmani.com/blog/blooms-taxonomy/>
- <https://lerner.co.il/2022/12/11/my-week-with-chatgpt/>
- <https://www.theatlantic.com/newsletters/archive/2022/11/sam-bankman-fried-ftx-crypto-effective-altruism/672247/>
- <https://www.qisforquantum.org/> h/t <https://www.scientificamerican.com/article/will-quantum-computing-ever-live-up-to-its-hype/>
- try out <https://github.com/wustho/epy>
- ruby w/o rails <https://news.ycombinator.com/item?id=34354129>
- leanchess: <https://leanchess.github.io/>
- c23:
  <https://gustedt.wordpress.com/2022/12/18/checked-integer-arithmetic-in-the-prospect-of-c23/>
  <https://queue.acm.org/detail.cfm?id=3588242>
- chatgpt <https://www.jwz.org/blog/2023/02/the-bullshit-fountain/>
- bitslicing <https://timtaubert.de/blog/2018/08/bitslicing-an-introduction/>
- pqc parameter debates (kyber, turboshake, dilithium)
- <https://paulgeorgiou.org/post/2023/05/sbox-cryptanalysis/>
- <https://ratfactor.com/forth/the_programming_language_that_writes_itself.html>
- <https://www.mattb.nz/w/2023/06/02/calling-time-on-dnssec/>
- "another look at  " (15 years of...): <https://www.math.uwaterloo.ca/~ajmeneze/anotherlook/>
- <https://current.workingdirectory.net/posts/2023/enough-about-ai/>
- <https://mirrors.edge.kernel.org/pub/linux/kernel/people/paulmck/perfbook/perfbook.html>
- <https://www.sevarg.net/2023/03/25/why-people-hate-tech/>
- 4 pillars of program analysis (slide 5):
  <https://llvm.org/devmtg/2020-09/slides/Using_the_clang_static_ananalyzer_to_find_bugs.pdf>
- cracking old password
  <https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/>
- privacy policy:
  <https://www.jwz.org/blog/2024/06/your-personal-information-is-very-important-to-us/>
- ai dropkick
  <https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/>

## done
- add project folders
- add redirect for old rss links (check error.log)
- sidebar: github
- sidebar: other sites
- post: model 3
- post: https://pmdn.org/password-strength/
- tensorflow/docker/libvirt setup (see v4-notes)
- raspberry pi tensorflow benchmark results
- bev ranges (github bev-ranges repo / chart)
- sha2 (https://git.pablotron.org/sha2/, maybe push to github?)
- pi4-bench (https://pmdn.org/pi4-bench/)
- keybase (sidebar only)
- mathy
- stm32f103c8t6 fun
- weather-sage
- nft setup (pmdn, laptop)
- table shortcode (`hugo-shortcode-table`)
- removed `script-src unsafe-inline`, A+ score on securityheaders
- fix RSS to show full feed
- feedbloater
- wireguard notes
- birthday paradox
- mathyd (repo + examples)
- really tiny docker images, based on this post:
  https://forums.somethingawful.com/showthread.php?noseen=0&threadid=2389159&perpage=40&pagenumber=865#post520151251
  https://nathanotterness.com/2021/10/tiny_elf_modernized.html
  (created repo: https://github.com/pablotron/tiny-binaries)
- rust 1.59.9 stripped binaries (update)
  - https://blog.rust-lang.org/2022/02/24/Rust-1.59.0.html#creating-stripped-binaries
- CSP-friendly golang coverage reports (see note from k3-notes.txt about
  relaxing CSP for `pmdn.org/coverage/`)
  - https://cs.opensource.google/go/go/+/master:src/cmd/cover/html.go
  - "replace `style='display: none` with `.hide` (shrink html, improve
    CSP handling)"
  - "add sha256 hash for `<style>`"
  - "add sha256 hash for `<script>`"
  - "add `<meta http-equiv='content-security-policy' ...>`?"
- installed/tried tinygo for building wasm
  - 3M to 300k for hello world, ~120k w/ gzip
  - https://tinygo.org/getting-started/install/linux/
  - https://blog.suborbital.dev/foundations-wasm-in-golang-is-fantastic
  - see notes in ~/git/test/go/wasm/
- HTML escaping benchmarks (`git/fastest-js-html-escape`)
- go-import support <https://go.dev/ref/mod#vcs-find>
- solar panels
- jqueries (pablotron/jqueries)
- site: comment idea: http://donw.io/post/github-comments/
- site: enable mathjax for articles:
  <https://bwaycer.github.io/hugo_tutorial.hugo/tutorials/mathjax/>
  <http://docs.mathjax.org/en/latest/output/svg.html>
  (alternative, render mathjax as SVG via CLI) (this is what i'm doing,
  with mathyd)
- solar (pmdn.org/solar)
- pico w
  (temperature sensor sucks)
  (micropython is great)
  (flashing is easy)
  (led toggling, wifi)
  (looking at building outdoor sensor and submitting to weather.gov
  cwop, see <https://madis.noaa.gov/madis_cwop.shtml>)
- combinations and permutations article (partial)
- first dominion bill with solar panels (incentives, etc)
- tested pngcrush, optipng, and pngquant
  - sort: pngquant < optipng < pngcrush
- abandoned, never going to do:
  - weather charts
  - micromeet
  - teslacam-merge
  - jenkins pipeline, blue ocean, Jenkinsfile notes
  - bfb64
  - jiffy
  - bf-dynasm
- dark mode: <https://livecodestream.dev/post/a-better-approach-to-dark-mode-on-your-website/>
  quick: <https://gist.github.com/pablotron/4a9a63434a61334f044c8922c48fe8ed>
  ref: <https://bulma.io/2019/10/15/light-dark-colors/>
- switched to duckduckgo.com (covered in firefox article)
  (fast, configurable, dark mode, better privacy)
- animated svg, another example here (added in site-backend):
  - <https://old.reddit.com/r/programming/comments/t45aqe/5_things_you_dont_need_javascript_for/>
- pe-figure and pe-picture shortcodes (added in site-backend)
- YUGE site JS savings (briefly covered in site-backend)
  - 27 bytes, ~8.8% unminified size reduction
  - notes in header of `themes/hugo-pt2021/assets/script.js`
  - over the network size (inc deflate and headers) went from
    450 bytes to 374 bytes for a 76 byte reduction (~16.9%)
- summary of shrinkage (static site, minification, figures with multiple
  sources, mod deflate, mod brotli, http2, adjusting content types)
  - using hugo to strip bulma to minimum required components
  - see minification (above)
  - see pe-figure, pe-picture (above)
  - see imagemagick webp command (above)
  - see js shrinkage (above)
  - see k3-notes.txt for info on brotli
  - headers
  - build hooks?
  - go-import support <https://go.dev/ref/mod#vcs-find>
  - rel=me for mastodon
- use svgmin and imagemagick (webp/avif) (in site-backend, sorta)
  convert -quality 100 -define webp:lossless=true llvmweekly-new.{png,webp}
  convert -quality 100 -define heic:lossless=true llvmweekly-new.{png,avif}
- using matplotlib for charts (added in site-backend)
- investigate sendBeacon() (abandoned)
  https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon
- dk-sort
- svg csp exception (added in site-backend)