Update

Author: alopatindev

_config.yml

@@ -135,6 +135,7 @@ theme_settings:
   nostr:
     enabled: true
     npub: npub1alptdev5srcw2hxg03567p4k6xs3lgj7f6545suc0rzp0xw98svse7rg94
+    nprofile: nprofile1qqswls4kuk2gpu89tny8c6d0q6mdrggl5f0ya226gwv833qhn8zncxgprpmhxue69uhkummnw3ezucm0v3hkuctxwshxxmmdqywhwumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wsq3vamnwvaz7tmjv4kxz7fwdehhxarj9e3xzmnyrks2sw
     community: codonaft
     max_comment_length: 5000
     min_read_pow: 7

_do.cr

@@ -72,14 +72,16 @@ MIRROR_FROM_TO = [
 
 USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
 
+NAMESERVER = "1.1.1.1"
+
 def main
   repo_dir = Path[File.dirname(File.realpath(__FILE__))]
   Dir.cd(repo_dir)
 
   ps = processes()
-  check(ps)
-
   config = YAML.parse(File.read(MAIN_SITE_CONFIG))
+  check(config, ps)
+
   if ARGV.empty? || ARGV.includes?("-h") || ARGV.includes?("--help")
     usage
   elsif ARGV.size == 1 && ARGV[0] == "sync"
@@ -483,10 +485,20 @@ def health(config)
 
   all_hosts().each { |host|
     step(host)
+
     ssh(host, ["sudo /etc/init.d/nginx checkconfig", "sudo hdparm -t /dev/sd[a-z] | sed \"s!.*= !!\""], tty: true)
+
+    distro_version = alpine_version(host)
+    latest_distro_version = YAML.parse(HTTP::Client.get("https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/latest-releases.yaml").body)[0]["version"].as_s
+    warn("alpine #{host} version #{distro_version} != #{latest_distro_version}") unless distro_version == latest_distro_version
   }
 
-  warn("github commit hash is different\n") unless JSON.parse(HTTP::Client.get("https://api.github.com/repos/codonaft/codonaft.github.io/commits").body)[0]["sha"].as_s == `git rev-parse HEAD`.strip
+  commits = JSON.parse(HTTP::Client.get("https://api.github.com/repos/codonaft/codonaft.github.io/commits").body)
+  if commits.as_a?.nil?
+    error("#{commits["message"]}\n")
+  else
+    warn("github commit hash is different\n") unless commits[0]["sha"].as_s == `git rev-parse HEAD`.strip
+  end
 
   banlists =
     if nonempty_exists?(BANLISTS) && File.info(BANLISTS).modification_time + 1.days > Time.utc
@@ -521,8 +533,6 @@ def health(config)
     warn("#{broken_post_urls.size} broken post URLs: #{broken_post_urls}\n")
   end
 
-  check_domain(site_url)
-
   bancheck = "_bancheck.txt"
   custom_hosts =
     if File::Info.readable?(bancheck)
@@ -558,7 +568,7 @@ def health(config)
     .reject { |i| i.empty? }
     .map { |i| URI.parse(i) }
     .reject { |i| i.hostname.nil? || i.hostname == "localhost" } + relay_mirrors
-  wss_uris = (trackers + other_relays + `git grep --only-matching 'wss://[a-zA-Z0-9/._-]*'`
+  wss_uris = (trackers + other_relays + `git grep --only-matching 'wss://[a-zA-Z0-9/._-]*' | grep -vE '(^|/)(relays|allowed|blocked)\\.json'`
     .split('\n')
     .map { |i| i.strip.gsub(/.*wss:\/\//, "") }
     .reject { |i| i.empty? || IGNORE_HOSTS.any? { |ignored| i.includes?(ignored) } }
@@ -576,20 +586,22 @@ def health(config)
       print("#{i} ")
       check_icmp(i)
       check_ban(i, banlists)
-      puts
-    }
-    wss_uris.each { |i|
-      print("#{i} ")
-      check_ban(i.hostname.not_nil!, banlists)
-      check_ws(i, proxy)
+      check_domain(i)
       puts
     }
     https_hosts.each { |i|
       https_uri = URI.parse("https://#{i}")
       check_certificate(https_uri, proxy)
+      # TODO: check_response_code(https_uri, proxy)
       check_ech(https_uri)
       puts
     }
+    wss_uris.each { |i|
+      print("#{i} ")
+      check_ban(i.hostname.not_nil!, banlists)
+      check_ws(i, proxy)
+      puts
+    }
   })
 end
 
@@ -692,12 +704,13 @@ def check_certificate(host : URI, proxy : URI)
   end
 end
 
-def check_domain(url : URI)
-  domain = url.hostname
+def check_domain(domain)
+  return unless domain.count('.') == 1
+  puts
   print("domain #{domain} expires on ")
   time = `whois #{domain}`
     .split("\n")
-    .select { |i| i.includes?("Expiry Date:") || i.includes?("Expiration Date:") }
+    .select { |i| i.includes?("Expiry Date:") || i.includes?("Expiration Date:") || i.includes?("paid-till:") }
     .map { |i|
       start = i.index(": ")
       if start.nil?
@@ -710,7 +723,8 @@ def check_domain(url : URI)
     .map { |i| Time.parse_rfc3339(i.not_nil!) }
     .min
   print_expiration(time)
-  puts
+  print("  ")
+  print_dnssec_status(domain)
 end
 
 def check_ban(host : String, banlists : Set(String))
@@ -720,7 +734,7 @@ def check_ban(host : String, banlists : Set(String))
 end
 
 def resolve_domain(host) : Array(String)
-  `nslookup #{host}`
+  `nslookup #{host} #{NAMESERVER}`
     .split('\n')
     .skip(3)
     .select { |i| i.starts_with?("Address: ") }
@@ -885,7 +899,7 @@ def is_in_net(ip, net)
   $?.success?
 end
 
-def check(ps : Array(Tuple(Int64, String)))
+def check(config, ps : Array(Tuple(Int64, String)))
   current_ps_name = "/#{Path[__FILE__].basename}"
   raise "other instance keeps running" if ps
                                             .select { |(_, i)| i.includes?("crystal") && i.includes?(current_ps_name) }
@@ -902,6 +916,11 @@ def check(ps : Array(Tuple(Int64, String)))
     .map { |i| i.split(':')[0] }
     .select { |i| File.read(i).includes?('\n') }
   raise "unexpected newline in #{files_with_unexpected_newlines}" unless files_with_unexpected_newlines.empty?
+
+  nostr_config = config["theme_settings"]["nostr"]
+  npub = nostr_config["npub"].as_s
+  nprofile = nostr_config["nprofile"].as_s
+  raise "#{npub} is not #{nprofile}" unless decode_pk(npub)[0] == decode_pk(nprofile)[0]
 end
 
 def build_rust_app(
@@ -928,9 +947,8 @@ def build_rust_app(
   trace("building #{crate}\n")
   Dir.mkdir_p(bin_dir, 0o755)
 
-  alpine_version = ssh(host, ["cat /etc/alpine-release"])
-  alpine_version = ALPINE_VERSION if alpine_version.empty?
-  warn("alpine #{host} version #{alpine_version} != alpine build version #{ALPINE_VERSION}") unless alpine_version == ALPINE_VERSION
+  distro_version = alpine_version(host)
+  warn("alpine #{host} version #{distro_version} != alpine build version #{ALPINE_VERSION}") unless distro_version == ALPINE_VERSION
   target_cpu = TARGET_CPU[host]
 
   cargo_args =
@@ -949,7 +967,7 @@ def build_rust_app(
     .join("\n")
 
   system(<<-STRING
-    podman run --rm -it -v "#{bin_dir}:/build" "alpine:#{alpine_version}" /bin/sh -c "
+    podman run --rm -it -v "#{bin_dir}:/build" "alpine:#{distro_version}" /bin/sh -c "
     set -xeuo pipefail
 
     apk add --update --no-cache 'cargo>=#{RUST_VERSION}' 'rust>=#{RUST_VERSION}' || {
@@ -1827,6 +1845,11 @@ def git_ls(dir : Path)
     .to_set
 end
 
+def alpine_version(host : String)
+  version = ssh(host, ["cat /etc/alpine-release"])
+  version.empty? ? ALPINE_VERSION : version
+end
+
 def nonempty_exists?(path : Path)
   File.file?(path) && !File.empty?(path)
 end
@@ -1844,6 +1867,17 @@ def print_expiration(time)
   end
 end
 
+def print_dnssec_status(domain)
+  valid = ["A", "AAAA"].all? { |qtype|
+    `delv @#{NAMESERVER} #{domain} #{qtype}`.split("\n").includes?("; fully validated")
+  }
+  if valid
+    ok("dnssec is ok")
+  else
+    error("invalid dnssec")
+  end
+end
+
 def trace(text)
   Colorize.with.dark_gray.surround(STDOUT) do
     puts(text)

_hosts/media.codonaft/etc/nginx/http.d/media.conf

@@ -136,7 +136,7 @@ server {
 
 upstream tracker {
   server 127.0.0.1:3443;
-  server [::ffff:127.0.0.1]:3443;
+  #server [::ffff:127.0.0.1]:3443;
 }
 
 #map $ssl_early_data $tls1_3_early_data {

_includes/footer.html

@@ -13,7 +13,8 @@
   <ul>
    <li><a href="{% if page.lang-en-uri %}{{ page.lang-en-uri }}{% else %}/{% endif %}">&#127760; EN</a></li>
    <li><a href="{% if page.lang-ru-uri %}{{ page.lang-ru-uri }}{% else %}/ru{% endif %}">&#127760; RU</a></li>
-   <li><a href="/terms-and-privacy">⚖️ Terms + Privacy</a></li>
+   <li><a href="/sponsor">&#9889; Sponsor</a></li>
+   <li><a href="/terms-and-privacy">&#9878; Terms + Privacy</a></li>
   </ul>
  </div>
 

_includes/icons.html

@@ -80,7 +80,7 @@
 {% endif %}
 
 {% if site.theme_settings.nostr %}
-<li><a href="https://yakihonne.com/users/{{ site.theme_settings.nostr.npub }}" title="Nostr" target="_blank">{% include icons/nostr.svg %}</a></li>
+<li><a href="https://coracle.social/people/{{ site.theme_settings.nostr.nprofile }}" title="Nostr" target="_blank">{% include icons/nostr.svg %}</a></li>
 {% endif %}
 
 {% if site.theme_settings.instagram %}

_posts/2018-01-14-how-to-take-notes-like-a-programmer.md

@@ -134,7 +134,7 @@ Another approach could be a use of some tricky **fuzzy search** engine.
 
 **UPDATE**: Actually the problem was my confusion about
 the [terminology](https://en.wikipedia.org/wiki/Quantile#Specialized_quantiles).
-So in *this* case the right solution is to add «quantile» keyword.
+So in *this* case the right solution is to add "quantile" keyword.
 
 ### Update Structure According to Your Mind Image
 Suppose you ain't able to find your note quickly, **even manually**. Possible reasons:

_posts/2024-09-26-installing-alpine-linux-on-pain-in-the-ass-hosting-providers.md

@@ -34,10 +34,10 @@ iso="alpine-virt-${VERSION}-${ARCH}.iso"
 url="${MIRROR}/v${short_version}/releases/${ARCH}/${iso}"
 
 apt -y install wget
-wget "${url}" "${url}.sha256" "${url}.asc" "https://alpinelinux.org/keys/ncopa.asc"
+wget "${url}"{,.sha256,.asc} "https://alpinelinux.org/keys/ncopa.asc"
 sha256sum -c "${iso}.sha256"
 gpg --import < ncopa.asc
-gpg --verify "${iso}.asc" "${iso}"
+gpg --verify "${iso}"{.asc,}
 
 mount -t iso9660 "${iso}" /mnt
 cp -a /mnt/* /

_sass/includes/_share_buttons.scss

@@ -65,9 +65,9 @@ ul.share-buttons {
 
 @keyframes pulse {
   from {
-    opacity: 0.7;
+    opacity: 1;
   }
   to {
-    opacity: 1;
+    opacity: 0.7;
   }
 }

pages/sponsor.md

@@ -161,9 +161,16 @@ Proprietary software they make is currently at its peak of
 [manipulative](https://www.reddit.com/r/paypal/comments/1hfg3jr/paypal_refuses_to_change_to_local_currency_at/)
 [practices](https://youtu.be/citnomJHr6I).
 
+These "solutions" are no longer usable, at least not
+[without](https://github.com/ungoogled-software/ungoogled-chromium#readme)
+[tons](https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies#readme)
+[of](https://github.com/dessant/buster#readme)
+[heavy](https://github.com/nang-dev/hover-paywalls-browser-extension#readme)
+[workarounds](https://github.com/jswanner/DontF-WithPaste#readme)!
+
 [They](https://youtu.be/7LqaotiGWjQ?t=3426s) are so stuck
 in capitalistic [values](https://www.snopes.com/fact-check/sony-patent-mcdonalds)
-that barely leave room for long-term delivery of *real* innovations and positive life quality changes.
+and self-defense that they barely leave room for long-term delivery of *real* innovations and positive life quality changes.
 
 Typical "new" software products are not new; it's basically blind mediocre ideas copy-pasting.
 Truly new software should attempt to introduce innovations that
@@ -178,9 +185,9 @@ When these companies make something that *seems* to be healthy and innovative—
 Independent FOSS developers can do something better. I'm targeting the following **principles**:
 - **Distraction Minimization**
     - 🧠 software must be [mentally](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4183915/) [ecological](https://youtu.be/Iy7i9ru7HB8?t=15s) and intuitive; it should never intentionally <a href="/how-to-take-notes-like-a-programmer/#whats-the-point" target="_blank">interrupt</a> the creative process!
-    - 🚫 no more popup traps, mental resource-wasting on CAPTCHA [imitation](https://futurism.com/ai-model-turing-test), sudden unwanted tutorials, [absurdly](https://www.facebook.com/help/124895950923762) <span class='no-wrap'>over-detailed</span> manuals and so on!
+    - 🚫 no more mental resource-wasting on popup traps, CAPTCHA [{% include span_with_tooltip.html large="true" body="imitation" tooltip="CAPTCHA is useless: bots basically became indistinguishable from humans.<br>Time to change strategy: unexpected spammy load should be transformed into useful computations, with no harm to users, environment, or even businesses!" %}](https://futurism.com/ai-model-turing-test), sudden unwanted tutorials, absurdly <span class='no-wrap'>over-detailed</span> [{% include span_with_tooltip.html large="true" body="manuals" tooltip="Stop building the outdated and overcomplicated UI!<br>Well-designed, intuitive, AI-driven software <i>ideally</i> doesn't require any documentation!" %}](https://www.facebook.com/help/124895950923762) and so on!
 - **Data Sovereignty**
-    - 🔒 *you* own your data, not third parties!
+    - 🔒 *you* own your [data](https://martin.kleppmann.com/2019/10/23/local-first-at-onward.html), not third parties!
 
 {::options parse_block_html="false" /}
 </div>

ru/pages/sponsor.md

@@ -162,8 +162,15 @@ lang-en-uri: /sponsor/
 [манипулятивных](https://www.reddit.com/r/paypal/comments/1hfg3jr/paypal_refuses_to_change_to_local_currency_at/)
 <a href="/ru/ideas-for-foss-projects/?t=975" target="_blank">практик</a>.
 
+Этими «решениями» уже стало невыносимо пользоваться, по крайней
+[мере](https://github.com/jswanner/DontF-WithPaste#readme)
+[без](https://github.com/ungoogled-software/ungoogled-chromium#readme)
+[кучи](https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies#readme)
+[тяжеловесных](https://github.com/dessant/buster#readme)
+[костылей](https://github.com/nang-dev/hover-paywalls-browser-extension#readme)!
+
 [Они](https://youtu.be/7LqaotiGWjQ?t=3426s) слишком зациклились
-на капиталистических [ценностях](https://www.snopes.com/fact-check/sony-patent-mcdonalds),
+на капиталистических [ценностях](https://www.snopes.com/fact-check/sony-patent-mcdonalds) и самозащите,
 едва ли оставляя возможность длительно предоставлять *реальные* инновации и позитивные изменения качества жизни.
 
 Типичные «новые» программные продукты на самом деле не новые — это в основном слепое копирование идей сомнительного качества.
@@ -181,9 +188,9 @@ lang-en-uri: /sponsor/
 
 - **Минимизация отвлечения внимания**
     - 🧠 ПО должно быть [экологичным](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4183915/) [ментально](https://youtu.be/Iy7i9ru7HB8?t=15s) и понятным интуитивно; оно никогда не должно намеренно <a href="/how-to-take-notes-like-a-programmer/#whats-the-point" target="_blank">прерывать</a> творческий процесс!
-    - 🚫 больше никаких всплывающих ловушек, трат ментальных ресурсов на решение [имитации](https://futurism.com/ai-model-turing-test) CAPTCHA, внезапных нежелательных туториалов, [абсурдно](https://www.facebook.com/help/124895950923762) подробных руководств и так далее!
+    - 🚫 больше никаких трат ментальных ресурсов на всплывающие ловушки, [{% include span_with_tooltip.html large="true" body="имитацию" tooltip="Капча бесполезна: боты в основном уже <span class='no-wrap'>неотличимы от людей.</span><br>Время сменить стратегию: потенциально спамную нагрузку нужно превращать в полезные вычисления, не причиняя вред ни пользователям, ни окружающей среде, ни даже бизнесам!" %}](https://futurism.com/ai-model-turing-test) CAPTCHA, внезапные нежелательные туториалы, абсурдно подробные [{% include span_with_tooltip.html large="true" body="руководства" tooltip="Хватит плодить устаревшие и переусложненные UI!<br>Хорошо спроектированное и интуитивно-понятное ПО с ИИ <i>в идеале</i> вообще не нуждается в документации!" %}](https://www.facebook.com/help/124895950923762) и так далее!
 - **Суверенитет данных**
-    - 🔒 *ты* владеешь своими данными, а не третьи лица!
+    - 🔒 *ты* владеешь своими [данными](https://martin.kleppmann.com/2019/10/23/local-first-at-onward.html), а не третьи лица!
 
 {::options parse_block_html="false" /}
 </div>