# Site TODO **Note:** This is the `TODO.md` from the old Jekyll backend, so some of this stuff may not make any sense. ## general * replace `` in old posts with `{{< figure >}}` (partial work done on stuff `>= 2019`) * fix broken links in posts * import files * add "music" somewhere ("songs", keep pmdn.org for personal stuff) * add sticky footer: https://css-tricks.com/couple-takes-sticky-footer/ ## projects * gemboree * themble ## posts * animated svg, another example here: - * fast document search: postgres fts, `pg_trgm`, and tika (git/test/sift) (richard asked about this on 2019-07-22, so +1) - sqlite3 fts search * monthly link sweep? * pi notes * k3 notes * compiler surprises: https://godbolt.org/z/ZQbZ2R * model 3 (3 months, notes, cost per mile comparison) * temperature sensors (see SA post, add bit about "meat"): https://forums.somethingawful.com/showthread.php?threadid=3468084&userid=0&perpage=40&pagenumber=176#post494884256 * weather charts * micromeet * sensortron * teslacam-merge * jenkins pipeline, blue ocean, Jenkinsfile notes * meson-junit * bf-dynasm * bfb64 * pwasm * jiffy * RewriteMap/docker (gist) * ev-crash-course (~/git/ev-crash-course) * ev articles * pocket-jim * ccs/nuclear/hydrogen is a scam * 2021 bev ranges * thoughts on "relevance of classic fuzz testing" * https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html * "law of small numbers": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/ * full paper: https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html * legacy debian (hamm): http://archive.debian.org/debian/dists/hamm/main/binary-i386/base/ * things i noticed: * possible small set giving extreme outliers * dash is not /bin/sh on all linuxes (only debian-based distros) * wonder about overall size of base installs (base rate fallacy) * summary of rust conclusion seems suspect and different than content of paper itself * detailed results are interesting * my tools 2021 (vim, irssi, screen, mutt/offlineimap/notmuch, irb, git, bash) * buttcoin: * https://www.theonion.com/man-who-lost-everything-in-crypto-just-wishes-several-t-1848764551 * tulip mania * nerd sniping https://www.jwz.org/blog/2022/01/mozilla-blinked/ https://www.wired.com/story/theres-no-good-reason-to-trust-blockchain-technology/ (nicholas weaver article) https://blog.yossarian.net/2021/12/05/Blockchains-dont-solve-problems-that-are-interesting-to-me https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/86714927310-8f431cae (not great technically) https://www.usenix.org/publications/loginonline/web3-fraud https://web3isgoinggreat.com/ https://www.schneier.com/blog/archives/2022/04/de-anonymizing-bitcoin.html https://www.salon.com/2022/07/19/cryptomining-uses-a-disturbing-amount-of-energy-lawmakers-find_partner/ * syzkaller/syzbot: https://www.youtube.com/watch?v=YwX4UyXnhz0 https://clangbuiltlinux.github.io/CBL-meetup-2020-slides/glider/Fighting_uninitialized_memory_%40_CBL_Meetup_2020.pdf * bpf: https://ebpf.io/ https://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html https://qmonnet.github.io/whirl-offload/2021/09/23/bpftool-features-thread/ https://github.com/iovisor/bcc https://old.reddit.com/r/golang/comments/ww57pq/has_anyone_had_any_luck_with_ebpf_libraries/ https://pkg.go.dev/github.com/cilium/ebpf https://github.com/dropbox/goebpf (plus kernel docs) * gpg keys, 2021: https://musigma.blog/2021/05/09/gpg-ssh-ed25519.html * compression: huffman coding vs arithmetic coding versus asymmetric number system compared to shannon entropy (`H(X) = -Σ p(x) log_2(p(x))`) https://neptune.ai/blog/lossless-data-compression-using-arithmetic-encoding-in-python-and-its-applications-in-deep-learning (zstd rfc, which uses ans) (zlib compression doc) https://kedartatwawadi.github.io/post--ANS/ * fun paradoxes: condorcet paradox simpsons paradox anscoms quartet base rate fallacy "law of small numbers" from "thinking fast and slow": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/ * retro gaming handhelds: psp, 2dsxl, rg350m, rgb10 max * lvm thin provisioning (see notes from x1.txt and linked gist) * log4j and dependency usefulness as a function of time for projects * good week for EVs * r1t car o' the year * ioniq 5 pricing and reviews * ford f150 lightninght battery sizes * 500 fedex EV delivery trucks arrived * https://www.nytimes.com/2022/01/17/business/electric-vehicles-europe.html * https://cleantechnica.com/2022/01/24/electric-campers-coming-from-airstream-winnebago-mercedes/ * https://www.tbray.org/ongoing/When/202x/2022/01/22/Three-Jaguar-Years * switched to duckduckgo.com (fast, configurable, dark mode, better privacy) * use svgmin and imagemagick (webp/avif) convert -quality 100 -define webp:lossless=true llvmweekly-new.{png,webp} convert -quality 100 -define heic:lossless=true llvmweekly-new.{png,avif} * pe-figure and pe-picture shortcodes * postgres tiny tricks - CTEs as optimization barrier: https://old.reddit.com/r/programming/comments/suyidt/a_hairy_postgresql_incident/hxdvwl4/ - `~* ANY(string_to_array(?))` (comment in reddit w/json array) - pub/sub? - domains instead of repeated check constraints - trigger `TG_ARGV` - trigger `REFERENCING ... AS` (newer PG) - `COMMENT ON` ... - `LISTEN/NOTIFY`? - timestamptz, long timezone names aware of DST - RETURNING * compare and contrast cyclonedx vs spdx - (at the moment i like cyclonedx more, it seems less ad-hoc) - https://cyclonedx.org/docs/1.4/json/ - https://github.com/spdx/spdx-examples/blob/master/example3/spdx/example3-bin.spdx - go parsers for both are available: - https://github.com/spdx/tools-golang - https://github.com/CycloneDX/cyclonedx-go * investigate sendBeacon() https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon * YUGE site JS savings - 27 bytes, ~8.8% unminified size reduction - notes in header of `themes/hugo-pt2021/assets/script.js` - over the network size (inc deflate and headers) went from 450 bytes to 374 bytes for a 76 byte reduction (~16.9%) * needed in a package manager - organizational namespacing scoped gems: - signing and/or global subdb - declarative install (go) - typosquatting (see sqo vulns from may email) - starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d - ref: https://kerkour.com/rust-crate-backdoor - (related, semver is garbage) - (problems w/ go modules) - ruby gems not solving the right problem with 2fa: - go1 and GODEBUG * radare2, ghidra * what would git look like with modern hash (sha-512/256/blake3), data formats (msgpack/protobuf), compression (zstd), language (rust, go), and crypto (ed25519)? https://lwn.net/Articles/898522/ https://gist.github.com/dvinciguerra/972a36bac9322d6d98328bad327154ca https://msgpack.org/ https://git-scm.com/book/en/v2/Git-Internals-Git-Objects steal ideas from fossil: https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki bad ideas: https://matt-rickard.com/what-comes-after-git/ * try vim9 * f2p nonsense: https://www.rockpapershotgun.com/star-traders-frontiers-review#comments (plus the shitty star traders game that's free) https://github.com/blind-coder/SpaceTrader https://bitbucket.org/brucelet/space-trader/src/master/app/src/main/java/com/brucelet/spacetrader/ and the 70s one w/ source: https://en.wikipedia.org/wiki/Star_Trader * markovian (golang markov chain generator) (~/git/test/go/markovian) * hq (~/git/hq) * secure C wiki is confluence!?!? * write about go-import support * fuzzing (afl) * update mathyd add link to texbox/texoid: * golang opencl: https://eli.thegreenplace.net/2021/a-comprehensive-guide-to-go-generate/ https://github.com/KhronosGroup/OpenCL-Docs/blob/main/xml/cl.xml * duktape vs quickjs (vs mujs?) * math: multinomial (stars and bars, # of moves on a chess board, multinomial coefficient, etc), de moir dice problem ref: Introduction to Probability with Statistical Applications, ch 2.5 1e10/81 (1234567890.1234567890) gambler's ruin (intro to prob, ch 3.5) * fzf, ripgrep - https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/ (email aliases, suggest whitelist instead of blacklist) - bad defaults: - nullable in code/db (see also: ) - mutable variables - fallthrough in switch - create openssl 3.x provider, see: https://www.openssl.org/docs/manmaster/man7/provider.html (could use pt-aes, pt-chacha20, md4, md5, sha2, etc) - summary of minification work w/ links to posts, reference this article: https://endtimes.dev/why-your-website-should-be-under-14kb-in-size/ - minikube vs k3s (https://minikube.sigs.k8s.io/docs/handbook/) - on passwords (crypto training, https://arstechnica.com/civis/viewtopic.php?f=2&t=1486155&p=41174039#p41174039) - lots of bad info floating around (see comments of https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ https://old.reddit.com/r/programming/comments/wxx674/password_management_firm_lastpass_was_hacked_two/ etc - compare sanitizer api, dompurify, fastest htmlesc - summary of shrinkage (static site, minification, figures with multiple sources, mod deflate, mod brotli, http2, adjusting content types) - using hugo to strip bulma to minimum required components - see to minification (above) - see to pe-figure, pe-picture (above) - see imagemagick webp command (above) - see js shrinkage (above) - see k3-notes.txt for info on brotli - headers - build hooks? - tiny-binaries redux w/go 1.19, point out grype scanner output for minimal images - browser addons: (ublock origin) https://arstechnica.com/gadgets/2022/09/beloved-browser-extension-acquired-by-non-beloved-antivirus-firm/?comments=1 cosmetic filter example: https://github.com/gorhill/uBlock/wiki/Procedural-cosmetic-filters ##table.item:has(p.name > .tag-sponsor) - try out various lsms - systemd hardening linkdump (2022-08-10): - css bg fade: - https://www.mgaudet.ca/technical/2022/8/9/faster-ruby-thoughts-from-the-outside - https://www.fuzzingbook.org/ - https://security.googleblog.com/2022/05/retrofitting-temporal-memory-safety-on-c.html - machine learning vulns (see vulns 2022-06) - allocation in go: https://medium.com/eureka-engineering/understanding-allocations-in-go-stack-heap-memory-9a2631b5035d (src: ) - http://www.linguistic-antipatterns.com/ - https://arstechnica.com/tech-policy/2022/08/us-approves-google-plan-to-let-political-emails-bypass-gmail-spam-filter/?comments=1 - https://brandur.org/fragments/go-wishlist-2022 - https://www.tbray.org/ongoing/When/202x/2022/03/26/Is-5G-BS - https://teddit.net/ - https://www.privacytools.io/#frontend - https://github.com/zedeus/nitter - https://snapdrop.net/# - https://news.ycombinator.com/item?id=11071754 - https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/ - https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/ - https://research.nccgroup.com/2022/08/16/wheel-of-fortune-outcome-prediction-taking-the-luck-out-of-gambling/ - https://carlineng.com/?postid=sql-critique#blog - https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/ - constant-time fibonacci: https://specbranch.com/posts/const-fib/ - https://specbranch.com/posts/common-perf-numbers/ - (reminds me of "tyranny of metrics"): - chebyshev, taylor series: - and - - - - page-fault weird machine: - - - (search effect, link to you are not so smart) ## done * add project folders * add redirect for old rss links (check error.log) * sidebar: github * sidebar: other sites * post: model 3 * post: https://pmdn.org/password-strength/ * tensorflow/docker/libvirt setup (see v4-notes) * raspberry pi tensorflow benchmark results * bev ranges (github bev-ranges repo / chart) * sha2 (https://git.pablotron.org/sha2/, maybe push to github?) * pi4-bench (https://pmdn.org/pi4-bench/) * keybase (sidebar only) * mathy * stm32f103c8t6 fun * weather-sage * nft setup (pmdn, laptop) * table shortcode (`hugo-shortcode-table`) * removed `script-src unsafe-inline`, A+ score on securityheaders * fix RSS to show full feed * feedbloater * wireguard notes * birthday paradox * mathyd (repo + examples) * really tiny docker images, based on this post: https://forums.somethingawful.com/showthread.php?noseen=0&threadid=2389159&perpage=40&pagenumber=865#post520151251 https://nathanotterness.com/2021/10/tiny_elf_modernized.html (created repo: https://github.com/pablotron/tiny-binaries) * rust 1.59.9 stripped binaries (update) - https://blog.rust-lang.org/2022/02/24/Rust-1.59.0.html#creating-stripped-binaries * CSP-friendly golang coverage reports (see note from k3-notes.txt about relaxing CSP for `pmdn.org/coverage/`) - https://cs.opensource.google/go/go/+/master:src/cmd/cover/html.go - "replace `style='display: none` with `.hide` (shrink html, improve CSP handling)" - "add sha256 hash for `