# Site TODO

**Note:** This is the `TODO.md` from the old Jekyll backend, so some of
this stuff may not make any sense.

## general
* replace `<img>` in old posts with `{{< figure >}}` (partial work
  done on stuff `>= 2019`)
* fix broken links in posts
* import files
* comment idea: http://donw.io/post/github-comments/
* add "music" somewhere ("songs", keep pmdn.org for personal stuff)
* add sticky footer:
  https://css-tricks.com/couple-takes-sticky-footer/
* enable mathjax for articles:
  https://bwaycer.github.io/hugo_tutorial.hugo/tutorials/mathjax/
  http://docs.mathjax.org/en/latest/output/svg.html
  (alternative, render mathjax as SVG via CLI)

## projects
* ft2-ruby
* gemboree
* themble

## posts
* animated svg, another example here:
  - <https://old.reddit.com/r/programming/comments/t45aqe/5_things_you_dont_need_javascript_for/>
* fast document search: postgres fts, `pg_trgm`, and tika (git/test/sift)
  (richard asked about this on 2019-07-22, so +1)
  - sqlite3 fts search
* monthly link sweep?
* pi notes
* k3 notes
* compiler surprises: https://godbolt.org/z/ZQbZ2R
* model 3 (3 months, notes, cost per mile comparison)
* temperature sensors (see SA post, add bit about "meat"): https://forums.somethingawful.com/showthread.php?threadid=3468084&userid=0&perpage=40&pagenumber=176#post494884256
* weather charts
* micromeet
* sensortron
* teslacam-merge
* jenkins pipeline, blue ocean, Jenkinsfile notes
* meson-junit
* bf-dynasm
* bfb64
* pwasm
* jiffy
* RewriteMap/docker (gist)
* ev-crash-course (~/git/ev-crash-course)
* ev articles
* pocket-jim
* ccs/nuclear/hydrogen is a scam
* 2021 bev ranges
* thoughts on "relevance of classic fuzz testing"
  * https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html
  * "law of small numbers": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/
  * full paper: https://neverworkintheory.org/2021/10/01/the-relevance-of-classic-fuzz-testing.html
  * legacy debian (hamm): http://archive.debian.org/debian/dists/hamm/main/binary-i386/base/
  * things i noticed:
    * possible small set giving extreme outliers
    * dash is not /bin/sh on all linuxes (only debian-based distros)
    * wonder about overall size of base installs (base rate fallacy)
    * summary of rust conclusion seems suspect and different than
      content of paper itself
    * detailed results are interesting
* my tools 2021 (vim, irssi, screen, mutt/offlineimap/notmuch, irb, git, bash)
* buttcoin:
  * https://www.theonion.com/man-who-lost-everything-in-crypto-just-wishes-several-t-1848764551
  * tulip mania
  * nerd sniping
  https://www.jwz.org/blog/2022/01/mozilla-blinked/
  https://www.wired.com/story/theres-no-good-reason-to-trust-blockchain-technology/
  (nicholas weaver article)
  https://blog.yossarian.net/2021/12/05/Blockchains-dont-solve-problems-that-are-interesting-to-me
  https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/86714927310-8f431cae (not great technically)
  https://www.usenix.org/publications/loginonline/web3-fraud
  https://web3isgoinggreat.com/
  https://www.schneier.com/blog/archives/2022/04/de-anonymizing-bitcoin.html
* syzkaller/syzbot:
  https://www.youtube.com/watch?v=YwX4UyXnhz0
  https://clangbuiltlinux.github.io/CBL-meetup-2020-slides/glider/Fighting_uninitialized_memory_%40_CBL_Meetup_2020.pdf
* bpf:
  https://ebpf.io/
  https://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html  https://qmonnet.github.io/whirl-offload/2021/09/23/bpftool-features-thread/
  https://github.com/iovisor/bcc
  (plus kernel docs)
* gpg keys, 2021:
  https://musigma.blog/2021/05/09/gpg-ssh-ed25519.html
* compression: huffman coding vs arithmetic coding versus asymmetric
  number system compared to shannon entropy (`H(X) = -Σ p(x) log_2(p(x))`)
  https://neptune.ai/blog/lossless-data-compression-using-arithmetic-encoding-in-python-and-its-applications-in-deep-learning
  (zstd rfc, which uses ans)
  (zlib compression doc)
  https://kedartatwawadi.github.io/post--ANS/
* fun paradoxes:
  condorcet paradox
  simpsons paradox
  anscoms quartet
  base rate fallacy
  "law of small numbers" from "thinking fast and slow": http://psychology.iresearchnet.com/social-psychology/decision-making/law-of-small-numbers/
* retro gaming handhelds: psp, 2dsxl, rg350m, rgb10 max
* lvm thin provisioning (see notes from x1.txt and linked gist)
* log4j and dependency usefulness as a function of time for projects
* good week for EVs
  * r1t car o' the year
  * ioniq 5 pricing and reviews
  * ford f150 lightninght battery sizes
  * 500 fedex EV delivery trucks arrived
  * https://www.nytimes.com/2022/01/17/business/electric-vehicles-europe.html
  * https://cleantechnica.com/2022/01/24/electric-campers-coming-from-airstream-winnebago-mercedes/
  * https://www.tbray.org/ongoing/When/202x/2022/01/22/Three-Jaguar-Years
* switched to duckduckgo.com
  (fast, configurable, dark mode, better privacy)
* use svgmin and imagemagick (webp/avif)
  convert -quality 100 -define webp:lossless=true llvmweekly-new.{png,webp}
  convert -quality 100 -define heic:lossless=true llvmweekly-new.{png,avif}
* pe-figure and pe-picture shortcodes
* postgres tiny tricks
  - CTEs as optimization barrier:
    https://old.reddit.com/r/programming/comments/suyidt/a_hairy_postgresql_incident/hxdvwl4/
  - `~* ANY(string_to_array(?))` (comment in reddit w/json array)
  - pub/sub?
  - domains instead of repeated check constraints
  - trigger `TG_ARGV`
  - trigger `REFERENCING ... AS` (newer PG)
  - `COMMENT ON` ...
  - `LISTEN/NOTIFY`?
  - timestamptz, long timezone names aware of DST
  - RETURNING
- misc go cover improvements
  - add `title` and maybe `aria-label` attributes to relevant elements
  - add option to include external stylesheet?
* compare and contrast cyclonedx vs spdx
  - (at the moment i like cyclonedx more, it seems less ad-hoc)
  - https://cyclonedx.org/docs/1.4/json/
  - https://github.com/spdx/spdx-examples/blob/master/example3/spdx/example3-bin.spdx
  - go parsers for both are available:
    - https://github.com/spdx/tools-golang
    - https://github.com/CycloneDX/cyclonedx-go
* investigate sendBeacon()
  https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon
* YUGE site JS savings
  - 27 bytes, ~8.8% unminified size reduction
  - notes in header of `themes/hugo-pt2021/assets/script.js`
  - over the network size (inc deflate and headers) went from
    450 bytes to 374 bytes for a 76 byte reduction (~16.9%)
* css bg fade:
  <file:///data/home/pabs/git/test/html/css-bg-fade/index.html>
  <https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/preload>
* needed in a package manager
  - organizational namespacing
  - signing and/or global subdb
    <https://blog.tidelift.com/the-state-of-package-signing-across-package-managers>
  - declarative install
  - typosquatting (see sqo vulns from may email)
  - starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d
  - ref: https://kerkour.com/rust-crate-backdoor
  - (related, semver is garbage)
    <https://www.linode.com/blog/security/linode-security-digest-rubygems-and-rsyslogs-vulnerabilities/>
    <https://earthly.dev/blog/programming-language-improvements/>
  - (problems w/ go modules)
* radare2, ghidra
* what would git look like with modern hash (sha-512/256/blake3), data
  formats (msgpack/protobuf), compression (zstd), language (rust,
  go), and crypto (ed25519)?
  https://lwn.net/Articles/898522/
  https://gist.github.com/dvinciguerra/972a36bac9322d6d98328bad327154ca
  https://msgpack.org/
  https://git-scm.com/book/en/v2/Git-Internals-Git-Objects
  steal ideas from fossil:
  https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki
* try vim9
* f2p nonsense:
  <https://old.reddit.com/r/gamedev/comments/vqlcx9/game_devs_who_have_earned_have_you_found_more/>
  <https://en.wikipedia.org/wiki/Star_Traders:_Frontiers>
  https://www.rockpapershotgun.com/star-traders-frontiers-review#comments
  (plus the shitty star traders game that's free)
    https://github.com/blind-coder/SpaceTrader
    https://bitbucket.org/brucelet/space-trader/src/master/app/src/main/java/com/brucelet/spacetrader/
  and the 70s one w/ source:
    https://en.wikipedia.org/wiki/Star_Trader
* markovian (golang markov chain generator)
* secure C wiki is confluence!?!?
  <https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard>
* write about go-import support <https://go.dev/ref/mod#vcs-find>
* fuzzing (afl)
  <https://www.fuzzingbook.org/>
  <https://wfuzz.readthedocs.io/en/latest/>
* update mathyd add link to texbox/texoid:
  <https://pypi.org/project/texoid/>

## done
* add project folders
* add redirect for old rss links (check error.log)
* sidebar: github
* sidebar: other sites
* post: model 3
* post: https://pmdn.org/password-strength/
* tensorflow/docker/libvirt setup (see v4-notes)
* raspberry pi tensorflow benchmark results
* bev ranges (github bev-ranges repo / chart)
* sha2 (https://git.pablotron.org/sha2/, maybe push to github?)
* pi4-bench (https://pmdn.org/pi4-bench/)
* keybase (sidebar only)
* mathy
* stm32f103c8t6 fun
* weather-sage
* nft setup (pmdn, laptop)
* table shortcode (`hugo-shortcode-table`)
* removed `script-src unsafe-inline`, A+ score on securityheaders
* fix RSS to show full feed
* feedbloater
* wireguard notes
* birthday paradox
* mathyd (repo + examples)
* really tiny docker images, based on this post:
  https://forums.somethingawful.com/showthread.php?noseen=0&threadid=2389159&perpage=40&pagenumber=865#post520151251
  https://nathanotterness.com/2021/10/tiny_elf_modernized.html
  (created repo: https://github.com/pablotron/tiny-binaries)
* rust 1.59.9 stripped binaries (update)
  - https://blog.rust-lang.org/2022/02/24/Rust-1.59.0.html#creating-stripped-binaries
* CSP-friendly golang coverage reports (see note from k3-notes.txt about
  relaxing CSP for `pmdn.org/coverage/`)
  - https://cs.opensource.google/go/go/+/master:src/cmd/cover/html.go
  - "replace `style='display: none` with `.hide` (shrink html, improve
    CSP handling)"
  - "add sha256 hash for `<style>`"
  - "add sha256 hash for `<script>`"
  - "add `<meta http-equiv='content-security-policy' ...>`?"
* installed/tried tinygo for building wasm
  - 3M to 300k for hello world, ~120k w/ gzip
  - https://tinygo.org/getting-started/install/linux/
  - https://blog.suborbital.dev/foundations-wasm-in-golang-is-fantastic
  - see notes in ~/git/test/go/wasm/
* HTML escaping benchmarks (`git/fastest-js-html-escape`)
* go-import support <https://go.dev/ref/mod#vcs-find>