commit 2a470dfc272c35447f127a175ba91efd31414c21
parent d6ea4e805665d302809aca2880f54732f5130301
Author: Oscar Benedito <oscar@oscarbenedito.com>
Date:   Mon, 10 Aug 2020 13:46:58 +0200

Unify md file formats

They are now cut a line 80 and links are on the bottom of the file. Some
links have also been fixed.

Diffstat:
Mcontent/about.md | 1+
Mcontent/blog/2019-09-09-getting-a-domain.md | 46++++++++++++++++++++++++++++++++++++++++------
Mcontent/blog/2019-09-11-joplin.md | 44++++++++++++++++++++++++++++++++++++++++----
Mcontent/blog/2019-09-23-upgrading-providers.md | 131++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------
Mcontent/blog/2019-10-06-dark-theme.md | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
Mcontent/blog/2019-10-19-password-manager.md | 83++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------
Mcontent/blog/2019-10-27-ship-scrappy.md | 25+++++++++++++++++++++----
Mcontent/blog/2019-11-04-new-host.md | 49+++++++++++++++++++++++++++++++++++++++++++------
Mcontent/blog/2019-11-10-deploying-website.md | 78+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
Mcontent/blog/2019-11-17-lineageos-with-microg.md | 76++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------
Mcontent/blog/2019-11-24-backups.md | 52+++++++++++++++++++++++++++++++++++++++++++++-------
Mcontent/blog/2019-12-06-composer.md | 80+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------
Mcontent/blog/2019-12-15-your-corner-of-the-internet.md | 131+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
Mcontent/blog/2019-12-24-new-world-of-software.md | 67++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------
Mcontent/blog/2020-01-12-securing-communications.md | 135++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------
Mcontent/blog/2020-01-17-documenting-server.md | 60++++++++++++++++++++++++++++++++++++++++++++++++------------
Mcontent/blog/2020-01-25-syncthing.md | 27+++++++++++++++++++++++----
Mcontent/blog/2020-02-12-deploying-hugo-site.md | 99++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------
Mcontent/blog/2020-02-23-sharing-a-secret.pdc | 94++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------
Mcontent/blog/2020-03-01-new-domain-name.md | 8++++++--
Mcontent/blog/2020-03-02-types-of-networks.md | 79+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------
Mcontent/blog/2020-03-12-lightweight-website.md | 55++++++++++++++++++++++++++++++++++++++++++++++++-------
Mcontent/blog/2020-03-21-lighter-website.md | 61++++++++++++++++++++++++++++++++++++++++++++++++++++---------
Mcontent/blog/2020-04-07-on-not-caring-about-your-privacy.md | 3++-
Mcontent/blog/2020-04-18-use-web-feeds.md | 12+++++++++---
Mcontent/blog/2020-05-05-my-journey-through-desktop-environments.md | 14++++++++++----
Mcontent/blog/2020-05-27-blocking-connections-on-android.md | 12+++++++++---
Mcontent/blog/2020-06-23-setting-up-a-personal-git-server.md | 21+++++++++++----------
Mcontent/blog/_index.md | 1+
Mcontent/blogroll.md | 2++
Mcontent/jsweblabels.html | 1+
31 files changed, 1348 insertions(+), 262 deletions(-)

diff --git a/content/about.md b/content/about.md @@ -32,6 +32,7 @@ source code in the [JavaScript Web Labels page][jswl]. You can contact me sending me an email to [oscar@oscarbenedito.com][email]. + [hetzner]: <https://www.hetzner.com> "Hetzner" [gpl]: <https://www.gnu.org/licenses/gpl-3.0.html> "GNUGeneral Public License version 3" [cc-by]: <https://creativecommons.org/licenses/by/4.0/> "Creative Commons Attribution 4.0 International License" diff --git a/content/blog/2019-09-09-getting-a-domain.md b/content/blog/2019-09-09-getting-a-domain.md @@ -1,17 +1,51 @@ --- title: "Getting my own domain name" categories: "Incidental" -tags: ["Personal domain", "DNS Record"] +tags: [ + "Personal domain", + "DNS Record" +] lastmod: 2020-03-01 --- -After thinking about getting my own domain name for a while and letting the thought rest for a couple of months, I finally bought one. It is a very easy and inexpensive process, and I am happy I did it. The original idea was to set up my email with it, so I could change my email provider without changing the address (I am in the process of changing my provider, and it takes a lot of effort), but having a domain name opens a world of opportunities. + +After thinking about getting my own domain name for a while and letting the +thought rest for a couple of months, I finally bought one. It is a very easy and +inexpensive process, and I am happy I did it. The original idea was to set up my +email with it, so I could change my email provider without changing the address +(I am in the process of changing my provider, and it takes a lot of effort), but +having a domain name opens a world of opportunities. *** -Although I had known about how to get a domain for a while, I didn't have much experience on which companies were "better" or "worse" (since I only needed a domain but no hosting, I am not sure why a company could give me a more appealing offer, since prices are the same in all websites). I finally decided to go with [Gandi.net](https://www.gandi.net) because a known site uses it, I had heard about it on the [Fediverse](https://en.wikipedia.org/wiki/Fediverse), and it looked like a good and reliable company. The hardest part was figuring out which domain I wanted, once that was decided, buying it took around 5 minutes. +Although I had known about how to get a domain for a while, I didn't have much +experience on which companies were "better" or "worse" (since I only needed a +domain but no hosting, I am not sure why a company could give me a more +appealing offer, since prices are the same in all websites). I finally decided +to go with [Gandi.net][g] because a known site uses it, I had heard about it on +the [Fediverse][f], and it looked like a good and reliable company. The hardest +part was figuring out which domain I wanted, once that was decided, buying it +took around 5 minutes. + +Since I had never seen a DNS record before, configuring my email provider was a +little trickier. My provider gave me some lines to copy and paste into the +record, but they needed some modification in order to work, so it took me a +little while to figure it out. The next part was setting a landing page for my +domain: if someone saw my email address and wanted to check what +[obenedito.org][org] was all about, I didn't want them to get a 404. So I +designed a very simple page with my name and a link to my email address and one +to my GitLab account. Since I don't have a home server or a VPS, I decided to +host my page on GitLab (basically because it's free and I don't need a dynamic +website). I once again had some trouble setting up the GitLab custom domain—the +lines I was given to add to the record weren't the ones I actually needed to +add, so that took a bit to figure out as well. + +I still have a lot to learn about how DNS records work (for instance the +difference between a type A or CNAME entry), but, for now, it works just fine. -Since I had never seen a DNS record before, configuring my email provider was a little trickier. My provider gave me some lines to copy and paste into the record, but they needed some modification in order to work, so it took me a little while to figure it out. The next part was setting a landing page for my domain: if someone saw my email address and wanted to check what [obenedito.org](https://obenedito.org) was all about, I didn't want them to get a 404. So I designed a very simple page with my name and a link to my email address and one to my GitLab account. Since I don't have a home server or a VPS, I decided to host my page on GitLab (basically because it's free and I don't need a dynamic website). I once again had some trouble setting up the GitLab custom domain—the lines I was given to add to the record weren't the ones I actually needed to add, so that took a bit to figure out as well. +*Edit*: My personal domain has been moved to [oscarbenedito.com][com]. -I still have a lot to learn about how DNS records work (for instance the difference between a type A or CNAME entry), but, for now, it works just fine. -*Edit*: My personal domain has been moved to [oscarbenedito.com](https://oscarbenedito.com). +[g]: <https://www.gandi.net> "Gandi" +[f]: <https://en.wikipedia.org/wiki/Fediverse> "Fediverse — Wikipedia" +[org]: <https://obenedito.org> +[com]: <https://oscarbenedito.com> diff --git a/content/blog/2019-09-11-joplin.md b/content/blog/2019-09-11-joplin.md @@ -1,11 +1,47 @@ --- title: "My note taking app: Joplin" categories: "Technology" -tags: ["FOSS", "Software", "Decentralization", "Apps"] +tags: [ + "FOSS", + "Software", + "Decentralization", + "Apps" +] lastmod: 2019-09-24 --- -Two years ago I had an iPhone and, back then, the native "Notes" app worked pretty well for me. However, when I changed to Android I had some trouble finding a similar app or a different one that would fit my needs. For some time I used Google Keep, but I didn't like how the main view would show you the whole note (instead of having only one line per note, which allows more notes to fit in the screen). I changed to Evernote for some time—which was definitely more suited for me—but there were too many ads about getting premium features and, since I didn't need them, I eventually got tired of it. -Back then I already knew what Markdown was, since I had used it to build a website, and I realized that an app with Markdown support could be a very good alternative. I looked around and finally found [Joplin](https://joplinapp.org/), a free/libre and open source app that supported Markdown as well as synchronization—perfect for my needs, since I like having notes backed up in case I lose access to my phone. I have been using it for half a year and so far it has been a great app. I type my notes with Markdown and once I'm done it renders them beautifully. It also lets me backup a copy with Nextcloud which is good since it doesn't force me to do it through Google Drive/Dropbox and on top of that I can set up end-to-end encryption for my backed-up notes! I haven't paid a lot of attention to what algorithm is used to encrypt since I trust my Nextcloud provider, however, I know metadata is not encrypted (I'm guessing to make synchronization faster), but that's fine with me. This also allows me to synchronize my notes with my computer, something that I had never thought would be useful before, but as I use my computer more and more (and my phone less and less), it is becoming very convenient. +Two years ago I had an iPhone and, back then, the native "Notes" app worked +pretty well for me. However, when I changed to Android I had some trouble +finding a similar app or a different one that would fit my needs. For some time +I used Google Keep, but I didn't like how the main view would show you the whole +note (instead of having only one line per note, which allows more notes to fit +in the screen). I changed to Evernote for some time—which was definitely more +suited for me—but there were too many ads about getting premium features and, +since I didn't need them, I eventually got tired of it. -Moreover, since I use it on my computer and I can arrange notes with the use of notebooks, it is becoming more of a personal wiki than a note-taking app. I have a notebook named "Notes", but the remaining notebooks hold information in a less "casual" way. I suppose everyone uses notes that way, but being able to use Markdown allows me to store lots of information in a more convenient way, especially when dealing with links and fragments of code. +Back then I already knew what Markdown was, since I had used it to build a +website, and I realized that an app with Markdown support could be a very good +alternative. I looked around and finally found [Joplin][j], a free/libre and +open source app that supported Markdown as well as synchronization—perfect for +my needs, since I like having notes backed up in case I lose access to my phone. +I have been using it for half a year and so far it has been a great app. I type +my notes with Markdown and once I'm done it renders them beautifully. It also +lets me backup a copy with Nextcloud which is good since it doesn't force me to +do it through Google Drive/Dropbox and on top of that I can set up end-to-end +encryption for my backed-up notes! I haven't paid a lot of attention to what +algorithm is used to encrypt since I trust my Nextcloud provider, however, I +know metadata is not encrypted (I'm guessing to make synchronization faster), +but that's fine with me. This also allows me to synchronize my notes with my +computer, something that I had never thought would be useful before, but as I +use my computer more and more (and my phone less and less), it is becoming very +convenient. + +Moreover, since I use it on my computer and I can arrange notes with the use of +notebooks, it is becoming more of a personal wiki than a note-taking app. I have +a notebook named "Notes", but the remaining notebooks hold information in a less +"casual" way. I suppose everyone uses notes that way, but being able to use +Markdown allows me to store lots of information in a more convenient way, +especially when dealing with links and fragments of code. + + +[j]: <https://joplinapp.org> "Joplin" diff --git a/content/blog/2019-09-23-upgrading-providers.md b/content/blog/2019-09-23-upgrading-providers.md @@ -1,65 +1,154 @@ --- title: "Upgrading to privacy-conscious providers" categories: "Technology" -tags: ["Decentralization", "Encryption", "Privacy"] +tags: [ + "Decentralization", + "Encryption", + "Privacy" +] lastmod: 2019-09-24 --- -I have been reading a lot about decentralization and not depending too much in one company in the past six months and I realized how much I relied on Google: my email, all my files, contacts, calendars, pictures... Most of my data was stored on their servers. This was inconvenient for three reasons: (1) if something was to happen to Google or my account, I would lose a lot of data, (2) Google doesn't use end-to-end encryption, which means that they (and anyone with access to their servers) can see all my files, emails, etc. and (3) Google already uses all this data (and other it collects) to better know my personality. -Some people might think that the main three problems I have with Google aren't that important. In fact, I have used Google for many years because that was my opinion for a long time. However, the more I read about the issue, the more I realize they aren't minor problems. I realized that for me it is worth it to pay $12 or $24 a year in exchange for privacy. If you are still doubting, [this post](https://www.gnu.org/proprietary/malware-google.html) might change your mind. +I have been reading a lot about decentralization and not depending too much in +one company in the past six months and I realized how much I relied on Google: +my email, all my files, contacts, calendars, pictures... Most of my data was +stored on their servers. This was inconvenient for three reasons: (1) if +something was to happen to Google or my account, I would lose a lot of data, (2) +Google doesn't use end-to-end encryption, which means that they (and anyone with +access to their servers) can see all my files, emails, etc. and (3) Google +already uses all this data (and other it collects) to better know my +personality. + +Some people might think that the main three problems I have with Google aren't +that important. In fact, I have used Google for many years because that was my +opinion for a long time. However, the more I read about the issue, the more I +realize they aren't minor problems. I realized that for me it is worth it to pay +$12 or $24 a year in exchange for privacy. If you are still doubting, [this +post][mw] might change your mind. *** Let's see what I needed out of my new providers/configuration: - 1. Control over my data: if something were to happen to my account, it shouldn't affect me too much. - 1. Encrypting my data: end-to-end encryption for my services, so there wasn't a need to "trust" the provider, as well as to avoid any problems in case the servers were compromised—which is not that uncommon. - 1. Privacy: the provider shouldn't be using my data in any way (which is mostly solved with end-to-end encryption). +1. Control over my data: if something were to happen to my account, it shouldn't + affect me too much. +2. Encrypting my data: end-to-end encryption for my services, so there wasn't a + need to "trust" the provider, as well as to avoid any problems in case the + servers were compromised—which is not that uncommon. +3. Privacy: the provider shouldn't be using my data in any way (which is mostly + solved with end-to-end encryption). ### 1. Control over my data -My first problem was easily solvable, I simply needed to back up everything that was on the cloud. That process was pretty easy using [Google's export tool](https://takeout.google.com/). With a few clicks, everything was ready, and I only had to wait for Google to collect all the data and create the file. I'm not sure how much that took, I would say less than an hour, but definitely less than a day (it was a long ago, so I don't remember). - -Selecting all the different services I wanted to export from one page instead of having to go to each service's URL and then select export made the process so much smoother. I was surprised by how easy the export was, and all the data was in convenient files to import to other services: contacts in a VCF file, calendar in an iCal file... which makes a lot of sense, but not all services allow such an easy process to export everything and ready to use in a different service. Fortunately, that was the case, so my next problem was a lot easier to solve. +My first problem was easily solvable, I simply needed to back up everything that +was on the cloud. That process was pretty easy using [Google's export tool][to]. +With a few clicks, everything was ready, and I only had to wait for Google to +collect all the data and create the file. I'm not sure how much that took, I +would say less than an hour, but definitely less than a day (it was a long ago, +so I don't remember). + +Selecting all the different services I wanted to export from one page instead of +having to go to each service's URL and then select export made the process so +much smoother. I was surprised by how easy the export was, and all the data was +in convenient files to import to other services: contacts in a VCF file, +calendar in an iCal file... which makes a lot of sense, but not all services +allow such an easy process to export everything and ready to use in a different +service. Fortunately, that was the case, so my next problem was a lot easier to +solve. ### 2. Encrypting my data -In order to encrypt my content, I needed to find an alternative to a lot of services that Google was offering me (or use tools such as [Cryptomator](https://cryptomator.org/), which was discarded because of problem number 3). And so the search began[^note]. +In order to encrypt my content, I needed to find an alternative to a lot of +services that Google was offering me (or use tools such as [Cryptomator][c], +which was discarded because of problem number 3). And so the search +began[^note]. -[^note]: You can find some of the resources that I found useful [here](/resources/). +[^note]: You can find some of the resources that I found useful [here][r]. #### Email -There are a lot of encrypted mailboxes and there is also the option of self-hosting email. I wasn't interested in managing my own server just for my email, so I had to choose a provider. Many of the sources I checked recommended [Protonmail](https://protonmail.com/) and [Tutanota](https://tutanota.com/), among others. They both looked nice and offered a free tier, so I tried them. After some time, I finally decided to go with Tutanota because of how they approached their user community as well as other details (for instance, their app not using any of the Google Play Services), although it was a hard choice. +There are a lot of encrypted mailboxes and there is also the option of +self-hosting email. I wasn't interested in managing my own server just for my +email, so I had to choose a provider. Many of the sources I checked recommended +[Protonmail][pm] and [Tutanota][tn], among others. They both looked nice and +offered a free tier, so I tried them. After some time, I finally decided to go +with Tutanota because of how they approached their user community as well as +other details (for instance, their app not using any of the Google Play +Services), although it was a hard choice. #### File storage -Most of my files in the cloud were old and not usually needed, they were just online because I used Google Drive as my home folder. The solution was easy: I backed them up on an offline external storage as well as on my computer and deleted them from the cloud. +Most of my files in the cloud were old and not usually needed, they were just +online because I used Google Drive as my home folder. The solution was easy: I +backed them up on an offline external storage as well as on my computer and +deleted them from the cloud. -As for the few files I actually needed online (the ones I use both at home and at college), I now use a USB stick to have them wherever I go, as well as backing them up every once in a while. No need to have them online, and it is faster to plug in a USB stick than log in to Google Drive and download the files (which was what I was doing on all computers running GNU/Linux). +As for the few files I actually needed online (the ones I use both at home and +at college), I now use a USB stick to have them wherever I go, as well as +backing them up every once in a while. No need to have them online, and it is +faster to plug in a USB stick than log in to Google Drive and download the files +(which was what I was doing on all computers running GNU/Linux). -There is one type of file I haven't replaced yet: anything that was shared is still on my Drive (even if other services offer it, for now, I am fine with using Google). +There is one type of file I haven't replaced yet: anything that was shared is +still on my Drive (even if other services offer it, for now, I am fine with +using Google). #### Calendar and contacts -I created an account in a Nextcloud instance for my calendar and contacts. Nextcloud is very intuitive and I like the user interface. There's the [DAVx⁵](https://www.davx5.com/) app that synchronizes them to my phone, so that was an easy choice. Having an account at a Nextcloud instance is also useful in case I want to upload files and it also allows me to sync my [Joplin](https://joplinapp.org/) notes. +I created an account in a Nextcloud instance for my calendar and contacts. +Nextcloud is very intuitive and I like the user interface. There's the +[DAVx⁵][dx] app that synchronizes them to my phone, so that was an easy choice. +Having an account at a Nextcloud instance is also useful in case I want to +upload files and it also allows me to sync my [Joplin][j] notes. #### Search -I thought the search engine would be the hardest service to substitute, however, there are a lot of good alternatives. The one I went for is [DuckDuckGo](https://duckduckgo.com/) which works pretty well and also works if you are connected to the internet through the [Tor network](https://www.torproject.org/). +I thought the search engine would be the hardest service to substitute, however, +there are a lot of good alternatives. The one I went for is [DuckDuckGo][ddg] +which works pretty well and also works if you are connected to the internet +through the [Tor network][tor]. #### Others -I never had to substitute the web browser since I already used [Firefox](https://www.mozilla.org/firefox/), and as for the photo hosting service, I just don't upload them online anymore and I use the [Simple Gallery](https://simplemobiletools.com/) app (you can install it for free from [F-Droid](https://f-droid.org/en/packages/com.simplemobiletools.gallery.pro/)). I also substituted Android's custom ROM, but I will talk about that some other time. +I never had to substitute the web browser since I already used [Firefox][ff], +and as for the photo hosting service, I just don't upload them online anymore +and I use the [Simple Gallery][sg] app (you can install it for free from +[F-Droid][fd]). I also substituted Android's custom ROM, but I will talk about +that some other time. #### Temporarily not replaced -I temporarily haven't replaced one service: Google Maps. Its accuracy is so good that it is hard to match. I have downloaded [OsmAnd](https://osmand.net/), but when searching for public transport routes, I still check Google Maps. +I temporarily haven't replaced one service: Google Maps. Its accuracy is so good +that it is hard to match. I have downloaded [OsmAnd][oa], but when searching for +public transport routes, I still check Google Maps. ### 3. Privacy -When looking for all the new services in order to get end-to-end encryption, I already looked at their policies in relation to privacy, so this problem was solved as well. +When looking for all the new services in order to get end-to-end encryption, I +already looked at their policies in relation to privacy, so this problem was +solved as well. ## Conclusion -It took me some time to make all these changes, especially my phone's operative system and my email address—I still use the old one with a lot of people, I am progressively updating it. Some of the services are hard to replace and it takes time to get used to the new providers. However, if you are interested in getting privacy when sending personal emails or saving files online, it is worth the change. +It took me some time to make all these changes, especially my phone's operative +system and my email address—I still use the old one with a lot of people, I am +progressively updating it. Some of the services are hard to replace and it takes +time to get used to the new providers. However, if you are interested in getting +privacy when sending personal emails or saving files online, it is worth the +change. + + +[mw]: <https://www.gnu.org/proprietary/malware-google.html> "Google's Software is Malware — GNU Project" +[to]: <https://takeout.google.com/> "Takeout — Google" +[c]: <https://cryptomator.org> "Cryptomator" +[r]: </resources/> "Resources — Oscar Benedito" +[pm]: <https://protonmail.com> "Protonmail" +[tn]: <https://tutanota.com> "Tutanota" +[dx]: <https://www.davx5.com> "DAVx5" +[j]: <https://joplinapp.org> "Joplin" +[ddg]: <https://duckduckgo.com> "DuckDuckGo" +[tor]: <https://www.torproject.org> "Tor project" +[ff]: <https://www.mozilla.org/firefox/> "Firefox" +[sg]: <https://www.simplemobiletools.com/gallery/> "Simple Gallery" +[fd]: <https://f-droid.org/en/packages/com.simplemobiletools.gallery.pro/> "Simple Gallery — F-Droid" +[oa]: <https://osmand.net/> "OsmAnd" diff --git a/content/blog/2019-10-06-dark-theme.md b/content/blog/2019-10-06-dark-theme.md @@ -1,14 +1,65 @@ --- title: "Creating a dark theme" categories: "Technology" -tags: ["CSS", "Website"] +tags: [ + "CSS", + "Website" +] --- -The first contact I had with HTML and CSS was about two years ago, when I created my first website along with a friend who already had some experience with them, as well as with JavaScript. We used a premade theme (based on [Bootstrap](https://getbootstrap.com/)), so I didn't really learn much CSS, but I started understanding what was HTML and how it worked. One year later, I wanted to design my own website and I decided to build my own theme. I looked up many CSS frameworks and ended up using [Bulma](https://bulma.io/) because of how simple it is (I didn't need many features for a personal website). It worked pretty well and I had a first contact with CSS and SASS, but when I finally finished my page and released it under my domain, I soon wanted another feature: the possibility to change to a dark theme. -I started looking for dark colors that I liked and I came up with a nice design, now I needed to combine the two designs with a simple toggle JavaScript function. The way I implemented it, the function switched the default CSS file for the one defining the dark theme. However, if you try to change your theme by changing the stylesheet, you will realize that it takes a split of a second for the page to re-render, especially the first time you toggle the theme since it has to download the whole file before rendering the page. It can sound like a minor problem, but it was notable, so I tried to shorten the time needed to toggle the theme. I used a tool (unCSS) that removes unused CSS from a stylesheet, which made the file so much smaller but, although the download time was reduced, the page still took too long to re-render. Looking around online I concluded that my best option was to make only one file using CSS variables, and just change the value by changing HTML elements' classes with the JavaScript function. +The first contact I had with HTML and CSS was about two years ago, when I +created my first website along with a friend who already had some experience +with them, as well as with JavaScript. We used a premade theme (based on +[Bootstrap][bs]), so I didn't really learn much CSS, but I started understanding +what was HTML and how it worked. One year later, I wanted to design my own +website and I decided to build my own theme. I looked up many CSS frameworks and +ended up using [Bulma][b] because of how simple it is (I didn't need many +features for a personal website). It worked pretty well and I had a first +contact with CSS and SASS, but when I finally finished my page and released it +under my domain, I soon wanted another feature: the possibility to change to a +dark theme. -The problem with using variables with Bulma is that it uses SASS functions that given a color, output a different one (and it can't do that if the input color is a variable) so it doesn't *compile*. I tried to change the affected functions with similar ones supported in CSS, but the result wasn't what I wanted, and it changed a lot of things related to Bulma. After some thought, I decided to refrain from using a framework and just create a tailored stylesheet for my website. That would allow me to abandon the unCSS tool—which was pretty inconvenient to use—as well as having a better understanding of my CSS file. +I started looking for dark colors that I liked and I came up with a nice design, +now I needed to combine the two designs with a simple toggle JavaScript +function. The way I implemented it, the function switched the default CSS file +for the one defining the dark theme. However, if you try to change your theme by +changing the stylesheet, you will realize that it takes a split of a second for +the page to re-render, especially the first time you toggle the theme since it +has to download the whole file before rendering the page. It can sound like a +minor problem, but it was notable, so I tried to shorten the time needed to +toggle the theme. I used a tool (unCSS) that removes unused CSS from a +stylesheet, which made the file so much smaller but, although the download time +was reduced, the page still took too long to re-render. Looking around online I +concluded that my best option was to make only one file using CSS variables, and +just change the value by changing HTML elements' classes with the JavaScript +function. -Looking around for simple themes to base my new stylesheet in, I found a couple that, combined, could result in a similar website than the one I had. I based my theme on the [Hugo Paper](https://github.com/nanxiaobei/hugo-paper/) theme (you can see that the cards look very similar) and I added a header (inspired by the [Hugo Grapes](https://github.com/shankar/hugo-grapes/) theme) and a footer. I changed how some elements appeared (such as the tables), I added some more features that I found interesting and I themed it with the colors I wanted. I also used my old site to inspire the new features (especially the header and footer), so it might resemble a site using Bulma, although it is not. +The problem with using variables with Bulma is that it uses SASS functions that +given a color, output a different one (and it can't do that if the input color +is a variable) so it doesn't *compile*. I tried to change the affected functions +with similar ones supported in CSS, but the result wasn't what I wanted, and it +changed a lot of things related to Bulma. After some thought, I decided to +refrain from using a framework and just create a tailored stylesheet for my +website. That would allow me to abandon the unCSS tool—which was pretty +inconvenient to use—as well as having a better understanding of my CSS file. -The process took a lot of time, since learning how everything worked and completely redoing the stylesheet was very time-consuming, however, the result was worth the time. Finally, you can enjoy a dark theme that toggles instantly, and it is now so much easier for me to redesign certain parts of the website, as I know more CSS and have a better understanding of my stylesheet. +Looking around for simple themes to base my new stylesheet in, I found a couple +that, combined, could result in a similar website than the one I had. I based my +theme on the [Hugo Paper][hp] theme (you can see that the cards look very +similar) and I added a header (inspired by the [Hugo Grapes][hg] theme) and a +footer. I changed how some elements appeared (such as the tables), I added some +more features that I found interesting and I themed it with the colors I wanted. +I also used my old site to inspire the new features (especially the header and +footer), so it might resemble a site using Bulma, although it is not. + +The process took a lot of time, since learning how everything worked and +completely redoing the stylesheet was very time-consuming, however, the result +was worth the time. Finally, you can enjoy a dark theme that toggles instantly, +and it is now so much easier for me to redesign certain parts of the website, as +I know more CSS and have a better understanding of my stylesheet. + + +[bs]: <https://getbootstrap.com/> "Bootstrap" +[b]: <https://bulma.io/> "Bulma" +[hp]: <https://github.com/nanxiaobei/hugo-paper/> "Hugo Paper — GitHub" +[hg]: <https://github.com/shankar/hugo-grapes/> "Hugo Grapes — GitHub" diff --git a/content/blog/2019-10-19-password-manager.md b/content/blog/2019-10-19-password-manager.md @@ -1,33 +1,90 @@ --- title: "Switching to a password manager" categories: "Technology" -tags: ["Privacy", "Security"] +tags: [ + "Privacy", + "Security" +] --- -Before I learned about password managers, less than a year ago, having all my passwords on the same place sounded like a really bad idea—if someone managed to get access to "that place", they could log in to all my accounts, to my *online identity*. -As I learned about security (particularly when using the internet), it became a better idea, to the point that I now have used one for over half a year. I use [KeePassXC](https://keepassxc.org/), an offline password manager. I have also been recommended an online alternative ([Bitwarden](https://bitwarden.com/)), although I haven't used it because I would much rather not have my passwords online. +Before I learned about password managers, less than a year ago, having all my +passwords on the same place sounded like a really bad idea—if someone managed to +get access to "that place", they could log in to all my accounts, to my *online +identity*. + +As I learned about security (particularly when using the internet), it became a +better idea, to the point that I now have used one for over half a year. I use +[KeePassXC][kp], an offline password manager. I have also been recommended an +online alternative ([Bitwarden][bw]), although I haven't used it because I would +much rather not have my passwords online. ## Password requirements -Before considering whether having a password manager is worth it or not, it is necessary to expose what I require of my passwords. +Before considering whether having a password manager is worth it or not, it is +necessary to expose what I require of my passwords. - - **Unique passwords for each account**: if one of the sites I use was to be hacked and my password compromised, that should not be a problem for any of my other accounts. I think it is a pretty reasonable requirement if I want to lower the chances of my accounts being accessed by unauthorised parties, however, it makes remembering all my passwords a lot harder. - - **Complex passwords**: my passwords should be hard to guess for a computer. You can imagine what type of password is easy to guess—or you can find examples on [Wikipedia](https://en.wikipedia.org/wiki/Password_strength#Examples_of_weak_passwords)—, however, even if we complicate passwords a little more they are still pretty easy to guess. In the end, what I mean by "complex" is that they should be long [pseudo]randomly-generated passwords that contain letters, numbers and special characters (long being about 16 characters, although normally I use more since adding characters is nearly free of cost when using a password manager). +- **Unique passwords for each account**: if one of the sites I use was to be + hacked and my password compromised, that should not be a problem for any of + my other accounts. I think it is a pretty reasonable requirement if I want to + lower the chances of my accounts being accessed by unauthorised parties, + however, it makes remembering all my passwords a lot harder. +- **Complex passwords**: my passwords should be hard to guess for a computer. + You can imagine what type of password is easy to guess—or you can find + examples on [Wikipedia][wp]—, however, even if we complicate passwords a + little more they are still pretty easy to guess. In the end, what I mean by + "complex" is that they should be long [pseudo]randomly-generated passwords + that contain letters, numbers and special characters (long being about 16 + characters, although normally I use more since adding characters is nearly + free of cost when using a password manager). ## Dealing with complex passwords -Trying to remember passwords that fulfill my requirements gets incredibly hard very quickly (at least in my case). So I eventually realized I needed to rely on something different than my own memory if I wanted unique complex passwords. I had two options: have a physical notebook where I would write my passwords (avoiding the risk of my passwords gotten stolen if my computer was compromised) or use a password manager. +Trying to remember passwords that fulfill my requirements gets incredibly hard +very quickly (at least in my case). So I eventually realized I needed to rely on +something different than my own memory if I wanted unique complex passwords. I +had two options: have a physical notebook where I would write my passwords +(avoiding the risk of my passwords gotten stolen if my computer was compromised) +or use a password manager. -The notebook option was quickly discarded since typing the passwords in would take too much time (as well as writing them down when originally generated). In my case, someone accessing the passwords in my notebook—which is a lot of people's concern—wouldn't be an issue, since the notebook could be kept safe somewhere at home, but this solution just isn't efficient enough for me. +The notebook option was quickly discarded since typing the passwords in would +take too much time (as well as writing them down when originally generated). In +my case, someone accessing the passwords in my notebook—which is a lot of +people's concern—wouldn't be an issue, since the notebook could be kept safe +somewhere at home, but this solution just isn't efficient enough for me. -So using a password manager was a natural solution to manage my passwords. Although there are options to self-host an online password vault, I don't feel confident doing so, that's why I use an offline password manager. All my passwords are organized in folders on an encrypted database, but KeePassXC can do a lot more than that. It can create randomly generated passwords and has an auto-type feature that makes typing 30 character long passwords a breeze. It can also store extra information like [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) keys, but also miscellaneous information, both as an attribute-value pair or as plain-text notes. It has other features you might find useful, these are just the ones I use the most. +So using a password manager was a natural solution to manage my passwords. +Although there are options to self-host an online password vault, I don't feel +confident doing so, that's why I use an offline password manager. All my +passwords are organized in folders on an encrypted database, but KeePassXC can +do a lot more than that. It can create randomly generated passwords and has an +auto-type feature that makes typing 30 character long passwords a breeze. It can +also store extra information like [TOTP][totp] keys, but also miscellaneous +information, both as an attribute-value pair or as plain-text notes. It has +other features you might find useful, these are just the ones I use the most. -On top of that, having a password manager enables me to track all my online accounts, making it easier to spot and remove old unused accounts. +On top of that, having a password manager enables me to track all my online +accounts, making it easier to spot and remove old unused accounts. ## Final comments -There is an option I haven't discussed yet: [Multi-Factor Authentification](https://en.wikipedia.org/wiki/Multi-factor_authentication) (or Two-Factor Authentification). Although it is very useful, a lot of online services still don't offer an option for it and it is easier for me to just use a password manager, however, 2FA might be better suited for you (because it allows you to be less strict on the password requirements while still keeping your accounts safe). +There is an option I haven't discussed yet: [Multi-Factor Authentification][mfa] +(or Two-Factor Authentification). Although it is very useful, a lot of online +services still don't offer an option for it and it is easier for me to just use +a password manager, however, 2FA might be better suited for you (because it +allows you to be less strict on the password requirements while still keeping +your accounts safe). + +On a different note, some might say that it would be unusual for someone to try +and hack my accounts by brute-forcing them (after all, they don't contain +anything useful to a random stranger or entity), and it is probably true, but +that isn't a good enough argument to give up on my security. + +On the whole, I find that using a password manager grants me a lot of useful +tools, while the drawbacks are nearly imperceptible. -On a different note, some might say that it would be unusual for someone to try and hack my accounts by brute-forcing them (after all, they don't contain anything useful to a random stranger or entity), and it is probably true, but that isn't a good enough argument to give up on my security. -On the whole, I find that using a password manager grants me a lot of useful tools, while the drawbacks are nearly imperceptible. +[kp]: <https://keepassxc.org/> "KeePassXC" +[bw]: <https://bitwarden.com/> "Bitwarden" +[wp]: <https://en.wikipedia.org/wiki/Password_strength#Examples_of_weak_passwords> "Examples of weak passwords — Wikipedia" +[totp]: <https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm> "TOTP — Wikipedia" +[mfa]: <https://en.wikipedia.org/wiki/Multi-factor_authentication> "Multi-Factor Authentification — Wikipedia" diff --git a/content/blog/2019-10-27-ship-scrappy.md b/content/blog/2019-10-27-ship-scrappy.md @@ -3,6 +3,7 @@ title: "Ship scrappy" categories: "Incidental" subtitle: "I just wanted to post this interesting reflexion, as I tend to make sure everything is 100% perfect before “shipping it”. In some scenarios, this can be good, since you don't want what you are …" --- + > The only choice is to launch before you’re ready.\ > Before it’s perfect.\ > Before it’s 100% proven to be no risk to you.\ @@ -14,10 +15,26 @@ subtitle: "I just wanted to post this interesting reflexion, as I tend to make s > Scrappy is flexible and resilient and ready to learn.\ > Ship scrappy. > -> --- *[Seth's Blog](https://seths.blog/2019/07/scrappy-is-not-the-same-as-crappy/)* +> --- *[Seth's Blog][ss]* + +I just wanted to post this interesting reflexion, as I tend to make sure +everything is 100% perfect before "shipping it". In some scenarios, this can be +good, since you don't want what you are releasing to have any bugs or errors, +but sometimes it is better to publish something yet to be perfected (for +instance, my personal website). + +The publication of my personal website/blog had been postponed for a long time, +waiting for my own approval on every detail. Finally, this summer I read a +couple of articles about just starting a blog, without much preparation, and +then just "seeing how it goes", so I did it (at this point, a big part of the +site was already developed). Not only did I start writing posts and doing other +things I would have probably delayed until other unrelated parts were finished +(like having a dark theme or deciding on the favicon), but I also realized some +of the features that I wanted to implement were not that important. -I just wanted to post this interesting reflexion, as I tend to make sure everything is 100% perfect before "shipping it". In some scenarios, this can be good, since you don't want what you are releasing to have any bugs or errors, but sometimes it is better to publish something yet to be perfected (for instance, my personal website). +If you are waiting to release something, reluctant to publish it because it +might have a bug, maybe you should try to do it—you can always tag it as a work +in progress. -The publication of my personal website/blog had been postponed for a long time, waiting for my own approval on every detail. Finally, this summer I read a couple of articles about just starting a blog, without much preparation, and then just "seeing how it goes", so I did it (at this point, a big part of the site was already developed). Not only did I start writing posts and doing other things I would have probably delayed until other unrelated parts were finished (like having a dark theme or deciding on the favicon), but I also realized some of the features that I wanted to implement were not that important. -If you are waiting to release something, reluctant to publish it because it might have a bug, maybe you should try to do it—you can always tag it as a work in progress. +[ss]: <https://seths.blog/2019/07/scrappy-is-not-the-same-as-crappy/> "'Scrappy' is not the same as 'crappy' — Seth's Blog" diff --git a/content/blog/2019-11-04-new-host.md b/content/blog/2019-11-04-new-host.md @@ -1,14 +1,51 @@ --- title: "New website hosting servers" categories: "Incidental" -tags: ["Website", "Personal website", "Personal domain", "Hosting services", "Autistici/Inventati"] +tags: [ + "Website", + "Personal website", + "Personal domain", + "Hosting services", + "Autistici/Inventati" +] --- -Until yesterday, this website had been hosted by [GitLab](https://gitlab.com/) (using GitLab Pages). For some time now the fact that they used servers owned by Google bothered me, so I have been looking for a new host for a while. -One possibility I looked at was paying for a virtual private server. They aren't particularly expensive, but since the complete website's size is under 1MiB, a whole virtual server is a bit too much. Of course, I could use it to host other services (maybe a private Gitea instance, or a database to backup my files), but those are services that I don't need right now. Besides, I still wouldn't have any power to ensure no IPs of my visitors are logged somewhere, so it wouldn't solve my problems. +Until yesterday, this website had been hosted by [GitLab][gl] (using GitLab +Pages). For some time now the fact that they used servers owned by Google +bothered me, so I have been looking for a new host for a while. -Another option I considered was getting a home server. I would love to learn how to build a server out of nothing, set it up and get it up and running, but I don't want to have a computer running 24&#47;7 at home and, if it was to stop working, my website would be down for some time (until I had spare time to fix it). Indubitably, any server can have downtime, but I trust that volunteers partly dedicated to maintaining servers will be able to fix issues before I can do it myself. +One possibility I looked at was paying for a virtual private server. They aren't +particularly expensive, but since the complete website's size is under 1MiB, a +whole virtual server is a bit too much. Of course, I could use it to host other +services (maybe a private Gitea instance, or a database to backup my files), but +those are services that I don't need right now. Besides, I still wouldn't have +any power to ensure no IPs of my visitors are logged somewhere, so it wouldn't +solve my problems. -So I had to find a privacy respecting host that would serve a small static site like mine at a reasonable price. I found a couple of sites that interested me, but [Autistici/Inventati](https://www.autistici.org) was the one that got most of my attention. First of all, they respect users' privacy—or so they claim—and it is one of the projects that has given me the best impression in this matter so far. They also have a decentralized network thanks to the [R* plan](https://www.autistici.org/who/rplan/) and, on top of that, the project has ethical values that I share (something that I wasn't looking for in a host, but is much appreciated). Finally, my hosting is free of charge, although I will donate to the project to help it keep running. +Another option I considered was getting a home server. I would love to learn how +to build a server out of nothing, set it up and get it up and running, but I +don't want to have a computer running 24&#47;7 at home and, if it was to stop +working, my website would be down for some time (until I had spare time to fix +it). Indubitably, any server can have downtime, but I trust that volunteers +partly dedicated to maintaining servers will be able to fix issues before I can +do it myself. -In conclusion, I am very happy with my new host. It is better than what I was looking for and I get to choose how much I want to pay for it. What is more, I know that anything I donate to support it will go to a project trying to make a better internet. +So I had to find a privacy respecting host that would serve a small static site +like mine at a reasonable price. I found a couple of sites that interested me, +but [Autistici/Inventati][ai] was the one that got most of my attention. First +of all, they respect users' privacy—or so they claim—and it is one of the +projects that has given me the best impression in this matter so far. They also +have a decentralized network thanks to the [R* plan][r] and, on top of that, the +project has ethical values that I share (something that I wasn't looking for in +a host, but is much appreciated). Finally, my hosting is free of charge, +although I will donate to the project to help it keep running. + +In conclusion, I am very happy with my new host. It is better than what I was +looking for and I get to choose how much I want to pay for it. What is more, I +know that anything I donate to support it will go to a project trying to make a +better internet. + + +[gl]: <https://gitlab.com> "GitLab" +[ai]: <https://www.autistici.org> "Autistici/Inventati" +[r]: <https://www.autistici.org/who/rplan/> "R* plan — Autistici/Inventati" diff --git a/content/blog/2019-11-10-deploying-website.md b/content/blog/2019-11-10-deploying-website.md @@ -1,23 +1,70 @@ --- title: "Deploying a website using the WebDAV protocol" categories: "Technology" -tags: ["WebDAV", "Scripts", "rsync", "File synchronization", "davfs2", "Autistici/Inventati"] +tags: [ + "WebDAV", + "Scripts", + "rsync", + "File synchronization", + "davfs2", + "Autistici/Inventati" +] --- -Now that my website is [hosted by Autistici/Inventati]({{< ref "/blog/2019-11-04-new-host.md" >}}), I can no longer deploy it by just pushing my git repository's changes to GitLab, as I used to. In order to deploy my website, I need to access the server using the WebDAV protocol. To do so, I use [davfs2](https://savannah.nongnu.org/projects/davfs2)—which mounts the WebDAV resource—so I can access it like any other folder in the filesystem. -I had never used the WebDAV protocol before, so I used A/I's tutorial. It was was a very simple tutorial, but it goes straight to the point, without giving unneeded explanations. I set it all up and edited the `~/.davfs2/secrets` file to make the mounting process smother. I know that having a password in plain text is a potential security risk, but the password only gives access to the WebDAV service (not my whole A/I account) and is easily resettable. If someone got hold of the password, all they could do is change my website, until I realized it and change it. +Now that my website is [hosted by Autistici/Inventati][hb], I can no longer +deploy it by just pushing my git repository's changes to GitLab, as I used to. +In order to deploy my website, I need to access the server using the WebDAV +protocol. To do so, I use [davfs2][d]—which mounts the WebDAV resource—so I can +access it like any other folder in the filesystem. -Deploying the website would mean copying all the output files from [Hugo](https://gohugo.io/)—the static site generator used to build my site—to the specified folder on the mounted filesystem. The problem was that copying files (as well as removing them) takes a long time, I am guessing due to A/I's resources' configuration. To give some context, it took around 1 minute to copy 1MiB worth of files, plus 10 seconds to delete them. So deleting and copying the whole folder again every time I changed something wasn't a good deploying method (besides, it wastes resources server-side). +I had never used the WebDAV protocol before, so I used A/I's tutorial. It was +was a very simple tutorial, but it goes straight to the point, without giving +unneeded explanations. I set it all up and edited the `~/.davfs2/secrets` file +to make the mounting process smother. I know that having a password in plain +text is a potential security risk, but the password only gives access to the +WebDAV service (not my whole A/I account) and is easily resettable. If someone +got hold of the password, all they could do is change my website, until I +realized it and change it. -The solution I chose was [rsync](https://rsync.samba.org/). It is a great piece of software that efficiently transfers files from one folder to another. It checks the last modification time and the file size to avoid transferring files that are up to date. I already knew this program as I use it to back up my computers to hard drives (it reduces the backup time considerably after the first time), so implementing it should have been a breeze. I encountered two problems: +Deploying the website would mean copying all the output files from +[Hugo][hugo]—the static site generator used to build my site—to the specified +folder on the mounted filesystem. The problem was that copying files (as well as +removing them) takes a long time, I am guessing due to A/I's resources' +configuration. To give some context, it took around 1 minute to copy 1MiB worth +of files, plus 10 seconds to delete them. So deleting and copying the whole +folder again every time I changed something wasn't a good deploying method +(besides, it wastes resources server-side). -1. By default, `rsync` makes use of modification times to check whether a file should be transferred, but every time I build my site, all files are created again, so the modification times are always newer than the ones in the server.\ - There is a quick fix for this: the program has an option (`-c` or `--checksum`) that makes the program use the checksum of a file (instead of the modification time) along with the file size to determine whether it has changed. +The solution I chose was [rsync][r]. It is a great piece of software that +efficiently transfers files from one folder to another. It checks the last +modification time and the file size to avoid transferring files that are up to +date. I already knew this program as I use it to back up my computers to hard +drives (it reduces the backup time considerably after the first time), so +implementing it should have been a breeze. I encountered two problems: -2. `rsync` makes use of auxiliary files while synchronizing them. For some reason (that I still don't know, my guess is something to do with permissions), when those auxiliary files are finally renamed to the definitive filename, it fails, giving out an error and exiting without any file transferred.\ - To fix this issue, I used the `--temp-dir` option to specify a local directory as the one that should be used for the temporary files. With that set up, it doesn't give any more errors. +1. By default, `rsync` makes use of modification times to check whether a file + should be transferred, but every time I build my site, all files are created + again, so the modification times are always newer than the ones in the + server.\ + There is a quick fix for this: the program has an option (`-c` or + `--checksum`) that makes the program use the checksum of a file (instead of + the modification time) along with the file size to determine whether it has + changed. -So finally the `rsync` command worked, and the time used to update the website is now around 10 seconds, which is a lot better than a minute (considering my website might get larger, the impact can be even bigger). To automate the process I build a little script that will mount the filesystem, build the site, synchronize it with the server and unmount it again: +2. `rsync` makes use of auxiliary files while synchronizing them. For some + reason (that I still don't know, my guess is something to do with + permissions), when those auxiliary files are finally renamed to the definitive + filename, it fails, giving out an error and exiting without any file + transferred.\ + To fix this issue, I used the `--temp-dir` option to specify a + local directory as the one that should be used for the temporary files. With + that set up, it doesn't give any more errors. + +So finally the `rsync` command worked, and the time used to update the website +is now around 10 seconds, which is a lot better than a minute (considering my +website might get larger, the impact can be even bigger). To automate the +process I build a little script that will mount the filesystem, build the site, +synchronize it with the server and unmount it again: ```bash #!/bin/bash @@ -36,4 +83,13 @@ rmdir $TEMP_DIR umount $MOUNT_PATH ``` -As you can see, it is a very simple script. It removes the last built of the site from the local filesystem and builds it again (using the `--minify` option to reduce file sizes), it mounts the WebDAV resource, transfers the files and then unmounts the resource again. +As you can see, it is a very simple script. It removes the last built of the +site from the local filesystem and builds it again (using the `--minify` option +to reduce file sizes), it mounts the WebDAV resource, transfers the files and +then unmounts the resource again. + + +[hb]: <{{< ref "/blog/2019-11-04-new-host.md" >}}> "New website hosting servers — Oscar Benedito" +[d]: <https://savannah.nongnu.org/projects/davfs2> "davfs2 — NonGNU Savannah" +[hugo]: <https://gohugo.io> "Hugo" +[r]: <https://rsync.samba.org> "rsync" diff --git a/content/blog/2019-11-17-lineageos-with-microg.md b/content/blog/2019-11-17-lineageos-with-microg.md @@ -1,41 +1,93 @@ --- title: "Switching to LineageOS with microG" categories: "Technology" -tags: ["LineageOS", "microG", "FOSS", "Software", "Privacy"] +tags: [ + "LineageOS", + "microG", + "FOSS", + "Software", + "Privacy" +] lastmod: 2019-11-22 --- -One of the things I wanted to do when switching to more privacy-respecting providers was getting rid of Google Services on my phone. According to multiple articles, your Android phone gathers a lot of data and sends it to Google. It is true that my daily routine isn't a big secret, and any friend who asked me could probably get my location, but giving it away without my (explicit) consent is a completely different thing. + +One of the things I wanted to do when switching to more privacy-respecting +providers was getting rid of Google Services on my phone. According to multiple +articles, your Android phone gathers a lot of data and sends it to Google. It is +true that my daily routine isn't a big secret, and any friend who asked me could +probably get my location, but giving it away without my (explicit) consent is a +completely different thing. ## First attempt -I first installed LineageOS on my phone in January 2019. I tried installing it with Google Apps, but I then realized I was back with Google, so I decided to go with [microG](https://microg.org/) (a free/libre re-implementation of Google’s proprietary Android user space apps and libraries). But for some reason—unknown to me back then—, microG didn't work. As a result, the apps that required those libraries didn't work either. Apps that I wasn't willing to stop using, so I switched back to Android's stock ROM[^note]. +I first installed LineageOS on my phone in January 2019. I tried installing it +with Google Apps, but I then realized I was back with Google, so I decided to go +with [microG][mg] (a free/libre re-implementation of Google’s proprietary +Android user space apps and libraries). But for some reason—unknown to me back +then—, microG didn't work. As a result, the apps that required those libraries +didn't work either. Apps that I wasn't willing to stop using, so I switched back +to Android's stock ROM[^note]. -[^note]: It wasn't actually that quick. I tried to reinstall LineageOS with Gapps once again, but, for some reason, it wouldn't work and the phone stopped working (it was stuck on the boot screen, I left it for hours). I finally got help from an acquaintance (we had to go into Emergency Download Mode using the test point) and I was finally able to go back to Android's stock ROM. +[^note]: It wasn't actually that quick. I tried to reinstall LineageOS with + Gapps once again, but, for some reason, it wouldn't work and the phone stopped + working (it was stuck on the boot screen, I left it for hours). I finally got + help from an acquaintance (we had to go into Emergency Download Mode using the + test point) and I was finally able to go back to Android's stock ROM. ## Finding the problem For some time I used Android's stock ROM, when, by chance, I read the following: -> MicroG requires a patch called "signature spoofing", which allows the microG's apps to spoof themselves as Google Apps. LineageOS' developers refused (multiple times) to include the patch, forcing us to fork their project. +> MicroG requires a patch called "signature spoofing", which allows the microG's +> apps to spoof themselves as Google Apps. LineageOS' developers refused +> (multiple times) to include the patch, forcing us to fork their project. -LineageOS' developers had their reasons to refuse to do it. Luckily, the microG project has found a solution: they forked the project to add the signature spoofing patch. This way, you can get LineageOS with microG without having to worry about the patching part. They also added the "F-Droid Privileged Extension": +LineageOS' developers had their reasons to refuse to do it. Luckily, the microG +project has found a solution: they forked the project to add the signature +spoofing patch. This way, you can get LineageOS with microG without having to +worry about the patching part. They also added the "F-Droid Privileged +Extension": -> [F-Droid Privileged Extension] allows F-Droid to install and update apps without the need of user interaction or the unsafe "Unknown sources" option. +> [F-Droid Privileged Extension] allows F-Droid to install and update apps +> without the need of user interaction or the unsafe "Unknown sources" option. You can find more information about the fork at <https://lineage.microg.org/>. ## Second attempt -So I tried installing microG's fork. The installation process is the same, so it was very easy, as I already had all the required software installed on my computer and had already done all the steps multiple times before. +So I tried installing microG's fork. The installation process is the same, so it +was very easy, as I already had all the required software installed on my +computer and had already done all the steps multiple times before. -This time everything turned out fine and microG libraries worked fine. I installed the apps I needed from [F-Droid](https://f-droid.org/) and those that weren't there, I got from the [Aurora Store](https://auroraoss.com/), an app that allows the user to download apps from the Google Play Store without actually having it installed. +This time everything turned out fine and microG libraries worked fine. I +installed the apps I needed from [F-Droid][fd] and those that weren't there, I +got from the [Aurora Store][as], an app that allows the user to download apps +from the Google Play Store without actually having it installed. ## Performance -I had my doubts on whether the apps that require Google's libraries would function, but most of them did (and perfectly fine!), even the ones using Google Maps—which are now using MapBox—or the ones using location services. There was one app that didn't work, a game. I am not sure which was the problem, but I wasn't playing the game much anyway, so I just deleted the app. +I had my doubts on whether the apps that require Google's libraries would +function, but most of them did (and perfectly fine!), even the ones using Google +Maps—which are now using MapBox—or the ones using location services. There was +one app that didn't work, a game. I am not sure which was the problem, but I +wasn't playing the game much anyway, so I just deleted the app. -Most of the time I don't even notice that my OS doesn't have any Google proprietary code, as it behaves (nearly) the same as if it did. If you are thinking of moving to LineageOS, check out the fork, microG works very well! +Most of the time I don't even notice that my OS doesn't have any Google +proprietary code, as it behaves (nearly) the same as if it did. If you are +thinking of moving to LineageOS, check out the fork, microG works very well! ## Final comments -There is one alternative to microG's fork (besides LineageOS itself) that is also an "unGoogled" version of Android, [/e/](https://e.foundation/). Their product looks interesting, however, I didn't need the extra features they add on top of LineageOS so I went with the simpler option. If you are thinking about installing /e/, you might be interested in what the [ewwlo](https://ewwlo.xyz/) website claims about the project. +There is one alternative to microG's fork (besides LineageOS itself) that is +also an "unGoogled" version of Android, [/e/][e]. Their product looks +interesting, however, I didn't need the extra features they add on top of +LineageOS so I went with the simpler option. If you are thinking about +installing /e/, you might be interested in what the [ewwlo][ew] website claims +about the project. + + +[mg]: <https://microg.org> "microG" +[gd]: <https://f-droid.org> "F-Droid" +[as]: <https://auroraoss.com> "Aurora Store" +[e]: <https://e.foundation/> "/e/ Foundation" +[ew]: <https://ewwlo.xyz/> "ewwlo" diff --git a/content/blog/2019-11-24-backups.md b/content/blog/2019-11-24-backups.md @@ -1,16 +1,54 @@ --- title: "Backing up my computer" categories: "Technology" -tags: ["FOSS", "Software", "Privacy", "File synchronization", "Backup", "Offline", "Local"] +tags: [ + "FOSS", + "Software", + "Privacy", + "File synchronization", + "Backup", + "Offline", + "Local" +] --- -If you have important information on your computer, you probably back it up somehow. I used to save all my important files on Google Drive, which was convenient not only because it would make backups automatically, but because I could access my files from any computer, or even my phone without much effort. -Since reducing my dependency on Google, that isn't an option anymore, so I had to find an alternative. I have an account in a server running Nextcloud, so I could use it the way I used Google Drive—and I could access it as easily from other computers or my phone—, but I am also trying to reduce the amount of private information I put online (whether it is behind a password or not), so I decided that I should have offline backups for my computer[^note]. +If you have important information on your computer, you probably back it up +somehow. I used to save all my important files on Google Drive, which was +convenient not only because it would make backups automatically, but because I +could access my files from any computer, or even my phone without much effort. -[^note]: Regardless of the existence of an online backup, making an offline one is an interesting option, as you have full control over it. +Since reducing my dependency on Google, that isn't an option anymore, so I had +to find an alternative. I have an account in a server running Nextcloud, so I +could use it the way I used Google Drive—and I could access it as easily from +other computers or my phone—, but I am also trying to reduce the amount of +private information I put online (whether it is behind a password or not), so I +decided that I should have offline backups for my computer[^note]. -The main problem with backups is the effort/time spent doing them, so the process had to be as automated as possible, as well as fast and efficient. I decided to use the `rsync` tool, as it efficiently copies files from one directory to another, skipping the ones that are already up to date (it is also preinstalled and easy to run from the terminal). I use a bunch of options that make the transfer behave as I want to, and I created an alias for the command, so I only need to type `backup_all` to back up my computer. +[^note]: Regardless of the existence of an online backup, making an offline one + is an interesting option, as you have full control over it. -On top of my ordinary backup, I do a secondary backup (just in case!), which is made on my everyday USB drive. Having a backup of my `home` folder there is a little risky, as I have private information on my computer, so that is why I encrypt the backups. The software I use is [VeraCrypt](https://www.veracrypt.fr/en/Home.html), and this obviously makes the backup process a little more complicated. However, I created another alias that mounts the VeraCrypt volumes (there are two because I need more than 4GiB and the USB drive uses the FAT format), synchronizes the files and unmounts the volumes. So the only remaining thing for me to do is type in the passwords—although actually, KeePassXC does that for me. I might even automate that part in the future, so I only have to type in my master password. +The main problem with backups is the effort/time spent doing them, so the +process had to be as automated as possible, as well as fast and efficient. I +decided to use the `rsync` tool, as it efficiently copies files from one +directory to another, skipping the ones that are already up to date (it is also +preinstalled and easy to run from the terminal). I use a bunch of options that +make the transfer behave as I want to, and I created an alias for the command, +so I only need to type `backup_all` to back up my computer. -So backing up my files is a pretty smooth process again, plus I now know exactly what I am doing when running the command and the backups are made to hardware that I have access to. +On top of my ordinary backup, I do a secondary backup (just in case!), which is +made on my everyday USB drive. Having a backup of my `home` folder there is a +little risky, as I have private information on my computer, so that is why I +encrypt the backups. The software I use is [VeraCrypt][vc], and this obviously +makes the backup process a little more complicated. However, I created another +alias that mounts the VeraCrypt volumes (there are two because I need more than +4GiB and the USB drive uses the FAT format), synchronizes the files and unmounts +the volumes. So the only remaining thing for me to do is type in the +passwords—although actually, KeePassXC does that for me. I might even automate +that part in the future, so I only have to type in my master password. + +So backing up my files is a pretty smooth process again, plus I now know exactly +what I am doing when running the command and the backups are made to hardware +that I have access to. + + +[vc]: <https://www.veracrypt.fr/en/Home.html> "VeraCrypt" diff --git a/content/blog/2019-12-06-composer.md b/content/blog/2019-12-06-composer.md @@ -1,31 +1,91 @@ --- title: "Designing a composing interface" categories: "Technology" -tags: ["FOSS", "Software", "DIY", "Website"] +tags: [ + "FOSS", + "Software", + "DIY", + "Website" +] lastmod: 2019-12-06T01:00:00+00:00 --- -To write my blog posts, I use Markdown, a useful language to write simple fragments of text. The text is then "compiled" into HTML, which is then served as a webpage. Since Markdown files are plain text files, I mostly have used plain text editors in the past to write my posts, and I have had a decent experience with them. A week ago I was trying [WriteFreely](https://writefreely.org/) and the difference between their composing user interface and a text editor is very noticeable. I have read people say they love writing in Vim or Emacs, but for me, something more aesthetic is more suited. -I looked around to see if I could find any text editor similar to [WriteFreely's composer](https://write.as/new) and found [Ghostwriter](https://github.com/wereturtle/ghostwriter) which looked exactly like what I was looking for. However, the installation process wasn't particularly smooth in Debian, and I also use computers where I don't have root privileges, so I decided that it wouldn't suit my needs. Inspired by WriteFreely's composer, I decided to make an HTML file that would do exactly what I wanted. +To write my blog posts, I use Markdown, a useful language to write simple +fragments of text. The text is then "compiled" into HTML, which is then served +as a webpage. Since Markdown files are plain text files, I mostly have used +plain text editors in the past to write my posts, and I have had a decent +experience with them. A week ago I was trying [WriteFreely][wf] and the +difference between their composing user interface and a text editor is very +noticeable. I have read people say they love writing in Vim or Emacs, but for +me, something more aesthetic is more suited. + +I looked around to see if I could find any text editor similar to [WriteFreely's +composer][wfc] and found [Ghostwriter][gr] which looked exactly like what I was +looking for. However, the installation process wasn't particularly smooth in +Debian, and I also use computers where I don't have root privileges, so I +decided that it wouldn't suit my needs. Inspired by WriteFreely's composer, I +decided to make an HTML file that would do exactly what I wanted. ## Creating my own writing interface -To create my composing interface, I started with WriteFreely's and edited it heavily. The original had a lot of features (including a publishing button), so I deleted most of the code and added some of my own. As of the time of writing, my composer doesn't have many features, because it is supposed to be a simple and distraction-free tool to write content, but I will talk about the couple I have added so far. +To create my composing interface, I started with WriteFreely's and edited it +heavily. The original had a lot of features (including a publishing button), so +I deleted most of the code and added some of my own. As of the time of writing, +my composer doesn't have many features, because it is supposed to be a simple +and distraction-free tool to write content, but I will talk about the couple I +have added so far. ### Saving the content between sessions -The content you write doesn't disappear when you close your browser—unless you clean the browser's data. I use local storage[^ls] to store the text written, so when the composer is opened again, you can continue writing where you left off. I have whitelisted my domain from [Cookie AutoDelete](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete), so I can start writing and get back to it and any point, just opening my browser. I also added a way to edit multiple "entries" at once using query strings to differentiate which one you want to retrieve/save the changes on. +The content you write doesn't disappear when you close your browser—unless you +clean the browser's data. I use local storage[^ls] to store the text written, so +when the composer is opened again, you can continue writing where you left off. +I have whitelisted my domain from [Cookie AutoDelete][cad], so I can start +writing and get back to it and any point, just opening my browser. I also added +a way to edit multiple "entries" at once using query strings to differentiate +which one you want to retrieve/save the changes on. -[^ls]: Wait! Local storage sounds like cookies, the ones that track you, right?! Well, in the first place, it is not the same. Local storage doesn't leave your computer (except through JavaScript, you [can check](/jsweblabels/) it doesn't in the composer). On the other hand, cookies are just pieces of information stored on your computer which are sent to the server. Someone can store a unique ID, so when you visit a website, they know it's you, tracking you around the internet. But cookies are also useful when you log in to a website, so you don't have to do it every time you move around a webpage. Cookies are not inherently bad. +[^ls]: Wait! Local storage sounds like cookies, the ones that track you, right?! + Well, in the first place, it is not the same. Local storage doesn't leave your + computer (except through JavaScript, you [can check][jswl] it doesn't in the + composer). On the other hand, cookies are just pieces of information stored on + your computer which are sent to the server. Someone can store a unique ID, so + when you visit a website, they know it's you, tracking you around the + internet. But cookies are also useful when you log in to a website, so you + don't have to do it every time you move around a webpage. Cookies are not + inherently bad. ### Exporting the text -I found myself pressing `Ctrl+s` pretty frequently when writing, a habit I have from coding (always save your changes!). If you do so on Firefox, a pop-up will appear offering you to save the page—the actual HTML page. I found it quite annoying and decided to assign the shortcut a different action. If you press `Ctrl+s`, it will seem like nothing happened, however, the composer will update the word count and save the text using the system mentioned previously (it also does all this after 0.2 seconds without typing, so the feature isn't super-useful, except for getting rid of the saving the HTML dialog). +I found myself pressing `Ctrl+s` pretty frequently when writing, a habit I have +from coding (always save your changes!). If you do so on Firefox, a pop-up will +appear offering you to save the page—the actual HTML page. I found it quite +annoying and decided to assign the shortcut a different action. If you press +`Ctrl+s`, it will seem like nothing happened, however, the composer will update +the word count and save the text using the system mentioned previously (it also +does all this after 0.2 seconds without typing, so the feature isn't +super-useful, except for getting rid of the saving the HTML dialog). -However, this gave me the idea to add an exporting feature. So, if you press `Ctrl+Shift+s`, you will download a Markdown file with the text written. I decided to make it specifically a Markdown file because it is what the composer is for, however, it can be used for any other language. +However, this gave me the idea to add an exporting feature. So, if you press +`Ctrl+Shift+s`, you will download a Markdown file with the text written. I +decided to make it specifically a Markdown file because it is what the composer +is for, however, it can be used for any other language. ## Conclusion -I can now write my posts on a very simple and minimalist interface, without distractions, but with a nice design. All this without the need of installing any software. Finally, I can also edit it to my needs, as I know exactly how it works and have learned basic notions of JavaScript. +I can now write my posts on a very simple and minimalist interface, without +distractions, but with a nice design. All this without the need of installing +any software. Finally, I can also edit it to my needs, as I know exactly how it +works and have learned basic notions of JavaScript. + +Some people have disagreed with making a webpage act like a piece of software, +however, it is the most convenient method for me. You can also simply save the +HTML file with the dependencies (the CSS and JavaScript files) and use it +offline, so it shouldn't be that much of a problem. + -Some people have disagreed with making a webpage act like a piece of software, however, it is the most convenient method for me. You can also simply save the HTML file with the dependencies (the CSS and JavaScript files) and use it offline, so it shouldn't be that much of a problem. +[wf]: <https://writefreely.org/> "WriteFreely" +[wfc]: <https://write.as/new> "New Post — Write.as" +[gr]: <https://github.com/wereturtle/ghostwriter> "Ghostwriter — GitHub" +[cad]: <https://github.com/Cookie-AutoDelete/Cookie-AutoDelete> "Cookie AutoDelete" +[jswl]: </jsweblabels/> "JavaScript Web Labels — Oscar Benedito" diff --git a/content/blog/2019-12-15-your-corner-of-the-internet.md b/content/blog/2019-12-15-your-corner-of-the-internet.md @@ -1,56 +1,135 @@ --- title: "Your corner of the Internet" categories: "Technology" -tags: ["Personal domain", "Personal website", "Decentralization", "DIY", "Website", "Hugo"] +tags: [ + "Personal domain", + "Personal website", + "Decentralization", + "DIY", + "Website", + "Hugo" +] lastmod: 2019-12-06 --- -We tend to have online accounts across different social networks and services. We upload our projects in some sites, we post on different ones and we follow different people on all of them. Our online identities—along with everything we share—are all over the place, but there is a way to solve this (and many other problems): personal websites. -Creating a personal website is a great way to share our projects, experiences, thoughts, etc. under our own terms, without being limited to a given theme or a couple of available options in a certain service. A personal website allows you to customize it as you want, whether that is quickly setting up a simple website with a portfolio, spending time creating the perfect CSS file or even setting up a service to share files with your friends using a password. - -You can buy a personal domain at a considerably cheap price (less than $12 a year for a `.me`, `.org` or `.com` domain), but it will provide you with something much more valuable: your corner of the Internet. Nobody can shut down your domain because it is no longer profitable and if your host can't continue to provide you with what you need, or they change their terms, you can simply switch companies, and still show your website under the same URL. You can change anything on the "backstage", and others will always find you at the same place. +We tend to have online accounts across different social networks and services. +We upload our projects in some sites, we post on different ones and we follow +different people on all of them. Our online identities—along with everything we +share—are all over the place, but there is a way to solve this (and many other +problems): personal websites. + +Creating a personal website is a great way to share our projects, experiences, +thoughts, etc. under our own terms, without being limited to a given theme or a +couple of available options in a certain service. A personal website allows you +to customize it as you want, whether that is quickly setting up a simple website +with a portfolio, spending time creating the perfect CSS file or even setting up +a service to share files with your friends using a password. + +You can buy a personal domain at a considerably cheap price (less than $12 a +year for a `.me`, `.org` or `.com` domain), but it will provide you with +something much more valuable: your corner of the Internet. Nobody can shut down +your domain because it is no longer profitable and if your host can't continue +to provide you with what you need, or they change their terms, you can simply +switch companies, and still show your website under the same URL. You can change +anything on the "backstage", and others will always find you at the same place. ## Building the website -If you don't have any experience with programming or using plain text and you don't want to spend time getting familiar with it, you can use WordPress[^wp] to create your site. It is a free (as in freedom) [content management system](https://en.wikipedia.org/wiki/Content_management_system) that will allow you to build a site without much HTML/CSS knowledge. If you are more comfortable with plain text and the terminal or want to get in touch with them, building a static site that supports Markdown will probably be a much better option. +If you don't have any experience with programming or using plain text and you +don't want to spend time getting familiar with it, you can use WordPress[^wp] to +create your site. It is a free (as in freedom) [content management system][cms] +that will allow you to build a site without much HTML/CSS knowledge. If you are +more comfortable with plain text and the terminal or want to get in touch with +them, building a static site that supports Markdown will probably be a much +better option. -[^wp]: I use WordPress as the dynamic alternative because it has a free license, it is beginner-friendly, it can easily be configured to run a personal website with a blog and a portfolio and because it is very popular. However, if you are thinking about creating a dynamic personal site, you should consider other options that are also interesting. +[^wp]: I use WordPress as the dynamic alternative because it has a free license, + it is beginner-friendly, it can easily be configured to run a personal website + with a blog and a portfolio and because it is very popular. However, if you + are thinking about creating a dynamic personal site, you should consider other + options that are also interesting. ### What is a static site? -Most of the websites we visit are dynamic. That means that the server we are retrieving the pages from is executing a program, and the pages we see are the results of that web application. Dynamic sites can be useful when we want users to be able to edit data. For instance, if users can log in and publish posts, that would require a dynamic site. - -On the other hand, there are static websites. In this case, the server simply serves files that are already stored on the server. So, for a given URL, everybody sees the same HTML (and JavaScript and CSS). You probably won't require a dynamic personal website, since you'll probably be publishing information about you, your projects, etc., without the need of a server that does real-time calculations to serve a page[^static]. - -[^static]: You can still change the contents in a static site, however, you will have to edit the text files manually and then upload them to the server (this can be automated). It is less complicated than it sounds once you learn Markdown (which is very simple). - -Why am I talking about static sites? Well, they offer some advantages over dynamic ones. - - - **More efficient**: since serving a page doesn't need any extra server-side operation, static sites use way fewer resources, which can benefit you when considering self-hosting the site. It will also make your site more environmentally friendly. - - **More secure**: since there isn't an app server, potential vulnerabilities are reduced drastically. - - **Faster**: because the server doesn't need to do operations, it can respond to requests faster, hence accelerating the loading time.\ - *That is a general claim, by using proper caching and using content delivery networks, speeds can change considerably. It also depends on the number of plugins installed (or other operations made by the server).* - -Because of these advantages, you can find free hosting for static sites and lower prices when self-hosting or using shared-hosting because of the lower amount of resources needed. Furthermore, since everything is stored in plain text and not in a database, you can easily use a version control system (such as Git) to keep a history of all your changes and easily share the source code of your site. +Most of the websites we visit are dynamic. That means that the server we are +retrieving the pages from is executing a program, and the pages we see are the +results of that web application. Dynamic sites can be useful when we want users +to be able to edit data. For instance, if users can log in and publish posts, +that would require a dynamic site. + +On the other hand, there are static websites. In this case, the server simply +serves files that are already stored on the server. So, for a given URL, +everybody sees the same HTML (and JavaScript and CSS). You probably won't +require a dynamic personal website, since you'll probably be publishing +information about you, your projects, etc., without the need of a server that +does real-time calculations to serve a page[^static]. + +[^static]: You can still change the contents in a static site, however, you will + have to edit the text files manually and then upload them to the server (this + can be automated). It is less complicated than it sounds once you learn + Markdown (which is very simple). + +Why am I talking about static sites? Well, they offer some advantages over +dynamic ones. + +- **More efficient**: since serving a page doesn't need any extra server-side + operation, static sites use way fewer resources, which can benefit you when + considering self-hosting the site. It will also make your site more + environmentally friendly. +- **More secure**: since there isn't an app server, potential vulnerabilities + are reduced drastically. +- **Faster**: because the server doesn't need to do operations, it can respond + to requests faster, hence accelerating the loading time.\ + *That is a general claim, by using proper caching and using content delivery + networks, speeds can change considerably. It also depends on the number of + plugins installed (or other operations made by the server).* + +Because of these advantages, you can find free hosting for static sites and +lower prices when self-hosting or using shared-hosting because of the lower +amount of resources needed. Furthermore, since everything is stored in plain +text and not in a database, you can easily use a version control system (such as +Git) to keep a history of all your changes and easily share the source code of +your site. ## Generating a multi-page site -To create a static website with multiple pages, you can use a static site generator. There are a lot of static site generators, and I use Hugo (for a couple of reasons that I might write about some other time). With the use of Hugo—most other generators also offer this functionality—, you can code your navigation bar in a file, your footer in a different one and include both of them in multiple templates. These templates will then gather the content from your Markdown (or HTML) files, put it all together and output all the HTML files of your site. Now that I have an operative site, when I want to publish a new post, I create a file with some metadata and the post content, and Hugo does the rest. Post files look like the following: +To create a static website with multiple pages, you can use a static site +generator. There are a lot of static site generators, and I use Hugo (for a +couple of reasons that I might write about some other time). With the use of +Hugo—most other generators also offer this functionality—, you can code your +navigation bar in a file, your footer in a different one and include both of +them in multiple templates. These templates will then gather the content from +your Markdown (or HTML) files, put it all together and output all the HTML files +of your site. Now that I have an operative site, when I want to publish a new +post, I create a file with some metadata and the post content, and Hugo does the +rest. Post files look like the following: ```markdown --- title: "Post title" categories: category -tags: ["tag1", "tag2"] +tags: [ "tag1", "tag2" ] --- Post content. ``` -Thanks to Hugo, it is very easy to add content to a website, and the source code is neatly organized. Hugo also lets you minify the content to reduce file sizes—although some people might argue against it, I find it useful and some files get reduced by up to 30% (CSS files)[^minify]. +Thanks to Hugo, it is very easy to add content to a website, and the source code +is neatly organized. Hugo also lets you minify the content to reduce file +sizes—although some people might argue against it, I find it useful and some +files get reduced by up to 30% (CSS files)[^minify]. -[^minify]: On top of that, you can always find the source code well indented in the repository, by clicking on *Inspect element* or by using a prettifier. +[^minify]: On top of that, you can always find the source code well indented in + the repository, by clicking on *Inspect element* or by using a prettifier. ## Conclusion -Since my recent exit from multiple services because of privacy terms concerns, I realized having a personal website can substitute social networks. I get to share anything I want on my own terms (and with my own theme!), ensuring privacy to anybody who wants to read, and I get to keep the copyright over my content. I now have my corner of the Internet, where everyone can find me, contact me and read what I have to share. +Since my recent exit from multiple services because of privacy terms concerns, I +realized having a personal website can substitute social networks. I get to +share anything I want on my own terms (and with my own theme!), ensuring privacy +to anybody who wants to read, and I get to keep the copyright over my content. I +now have my corner of the Internet, where everyone can find me, contact me and +read what I have to share. + + +[cms]: <https://en.wikipedia.org/wiki/Content_management_system> "Content management system — Wikipedia" diff --git a/content/blog/2019-12-24-new-world-of-software.md b/content/blog/2019-12-24-new-world-of-software.md @@ -1,24 +1,73 @@ --- title: "A new world of software" categories: "Technology" -tags: ["FOSS", "Software"] +tags: [ + "FOSS", + "Software" +] --- -As I have said before, I was a big user of big tech companies' services. I also used macOS (and Windows before that) and proprietary software for mostly everything. I didn't really know what free[^fsw] software was and, if I was running any, it was by coincidence. -[^fsw]: Here (and throughout the post) I am talking about [free as in freedom](https://www.gnu.org/philosophy/free-sw.html) software. +As I have said before, I was a big user of big tech companies' services. I also +used macOS (and Windows before that) and proprietary software for mostly +everything. I didn't really know what free[^fsw] software was and, if I was +running any, it was by coincidence. -At college, I discovered the world of GNU/Linux. I had an old computer that was very slow and someone promised that GNU/Linux would make it significantly faster, so I installed Debian next to macOS. This way, every time I turned on my computer I would be able to choose which operating system I wanted to use, and if something happened to my GNU partition, I could still use the computer as before. Even with Debian installed, the computer eventually started to become too slow for my needs and I bought a new computer where I also installed Debian next to the default OS. As for the old computer, I eventually erased both partitions and installed Manjaro with XFCE instead, I don't use it much anymore because of its limitations. +[^fsw]: Here (and throughout the post) I am talking about [free as in + freedom][fs] software. -Progressively, I learned more and more about free software and I decided to use the Debian partition nearly-exclusively. Ultimately, I got used to the new desktop environment, the new tools (the terminal!) and all the new different things you find in GNU/Linux. There has been an interesting side effect of using Debian as my daily operative system: most of the software I now run is free/libre as a result of it. +At college, I discovered the world of GNU/Linux. I had an old computer that was +very slow and someone promised that GNU/Linux would make it significantly +faster, so I installed Debian next to macOS. This way, every time I turned on my +computer I would be able to choose which operating system I wanted to use, and +if something happened to my GNU partition, I could still use the computer as +before. Even with Debian installed, the computer eventually started to become +too slow for my needs and I bought a new computer where I also installed Debian +next to the default OS. As for the old computer, I eventually erased both +partitions and installed Manjaro with XFCE instead, I don't use it much anymore +because of its limitations. -I always thought free software was either worse than the proprietary alternative or non-existent for a given task. What I have realized is that there are free options for most of the use cases and that once you are used to the terminal, they can even be easier to work with, work faster and be more reliable. Moreover, they normally[^ime] are also lighter programs, use fewer resources and generally follow standards (whereas proprietary software creates its own protocols/file types more frequently). +Progressively, I learned more and more about free software and I decided to use +the Debian partition nearly-exclusively. Ultimately, I got used to the new +desktop environment, the new tools (the terminal!) and all the new different +things you find in GNU/Linux. There has been an interesting side effect of using +Debian as my daily operative system: most of the software I now run is +free/libre as a result of it. + +I always thought free software was either worse than the proprietary alternative +or non-existent for a given task. What I have realized is that there are free +options for most of the use cases and that once you are used to the terminal, +they can even be easier to work with, work faster and be more reliable. +Moreover, they normally[^ime] are also lighter programs, use fewer resources and +generally follow standards (whereas proprietary software creates its own +protocols/file types more frequently). [^ime]: That is generally in my experience. -Don't get me wrong, there are advantages to proprietary software. It can sometimes work better, be nicer or more intuitive. Maybe it just suits your needs better because it's what you are used to. There may be commodities we are familiar with in proprietary software that are hard to let go of. However, in my case, it has gotten to the point that it is the other way around. It is hard to let go the easy installation process of free software, without license complications, the fact that it is available for GNU/Linux operative systems, the community around the software, the minimalism of the tools that get the job done, without the need of thousands of extra features. +Don't get me wrong, there are advantages to proprietary software. It can +sometimes work better, be nicer or more intuitive. Maybe it just suits your +needs better because it's what you are used to. There may be commodities we are +familiar with in proprietary software that are hard to let go of. However, in my +case, it has gotten to the point that it is the other way around. It is hard to +let go the easy installation process of free software, without license +complications, the fact that it is available for GNU/Linux operative systems, +the community around the software, the minimalism of the tools that get the job +done, without the need of thousands of extra features. -There is a whole world of efficient and useful software that I had never *really* explored and I now see why so many people use it. I no longer look for free/libre *alternatives* to a proprietary program, but it is the only kind of software that I look for. Dealing with closed source and proprietary software is now my plan B, when everything else fails. +There is a whole world of efficient and useful software that I had never +*really* explored and I now see why so many people use it. I no longer look for +free/libre *alternatives* to a proprietary program, but it is the only kind of +software that I look for. Dealing with closed source and proprietary software is +now my plan B, when everything else fails. ## Final note -Firstly, in this post I claim certain qualities of both free and proprietary software. It is always spoken from my experience and perspective, your experience may be different. They are also qualities that I commonly find, instead of a claim that all software on a given category has them. Secondly, I deliberately left aside the ethical component of free software, as it wasn't what I wanted to talk about, however, you might be interested in reading more about it. +Firstly, in this post I claim certain qualities of both free and proprietary +software. It is always spoken from my experience and perspective, your +experience may be different. They are also qualities that I commonly find, +instead of a claim that all software on a given category has them. Secondly, I +deliberately left aside the ethical component of free software, as it wasn't +what I wanted to talk about, however, you might be interested in reading more +about it. + + +[fs]: <https://www.gnu.org/philosophy/free-sw.html> "What is free software? — GNU Project" diff --git a/content/blog/2020-01-12-securing-communications.md b/content/blog/2020-01-12-securing-communications.md @@ -1,46 +1,125 @@ --- title: "Securing communications" categories: "Knowledge base" -tags: ["Cryptography", "Software", "Privacy", "Security", "Encryption"] +tags: [ + "Cryptography", + "Software", + "Privacy", + "Security", + "Encryption" +] +lastmod: 2020-08-10 --- -We use cryptographic techniques daily without really knowing how they work, so I'm going to try and explain some basic concepts. Let's start with Wikipedia's current definition: -> Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. -> -> --- *[Wikipedia's cryptography entry](https://en.wikipedia.org/wiki/Cryptography)* - -One cryptographic process we are all familiar with is encryption, that allows us to change the contents of a message so only certain people with a "key" can decipher and read it. A simple—and well known—example of encryption is the [Caesar cipher](https://en.wikipedia.org/wiki/Caesar_cipher) (if you haven't heard of it, check out how it works!). - -Let's consider the following scenario with three people (or parties): Alice, Bob and Craig. Alice wants to contact Bob privately, while Craig is trying to eavesdrop. This is all happening through a network, in this particular scenario, they are communicating through the mail. Craig works at the postal office, so he could get Alice's letter, open it, read it, put it back in a new envelope that looks exactly the same as Alice's and then send it to Bob. +We use cryptographic techniques daily without really knowing how they work, so +I'm going to try and explain some basic concepts. Let's start with Wikipedia's +current definition: -Craig's attack is known as a man-in-the-middle attack, happening when the attacker is able to secretly relay information between two parties (and with the ability to change the contents of the communication). This attack isn't particularly hard to carry out on the Internet, but we are normally protected by cryptographic methods (that ensure the privacy and authenticity of our communications). +> Cryptography or cryptology is the practice and study of techniques for secure +> communication in the presence of third parties called adversaries. +> +> --- *[Wikipedia's cryptography entry][cry]* + +One cryptographic process we are all familiar with is encryption, that allows us +to change the contents of a message so only certain people with a "key" can +decipher and read it. A simple—and well known—example of encryption is the +[Caesar cipher][cc] (if you haven't heard of it, check out how it works!). + +Let's consider the following scenario with three people (or parties): Alice, Bob +and Craig. Alice wants to contact Bob privately, while Craig is trying to +eavesdrop. This is all happening through a network, in this particular scenario, +they are communicating through the mail. Craig works at the postal office, so he +could get Alice's letter, open it, read it, put it back in a new envelope that +looks exactly the same as Alice's and then send it to Bob. + +Craig's attack is known as a man-in-the-middle attack, happening when the +attacker is able to secretly relay information between two parties (and with the +ability to change the contents of the communication). This attack isn't +particularly hard to carry out on the Internet, but we are normally protected by +cryptographic methods (that ensure the privacy and authenticity of our +communications). ## Encrypting a message -Alice knows about the flaws of the mail system, so she decides to encrypt her message. She could use the Caesar cipher. If Bob knows how much Alice "shifted" the alphabet, he will be able to read her message, while Craig won't. Or will he? Couldn't Craig just try all the numbers from 1 to 25 and just see which one gives a message that makes sense? And how did Alice tell Bob how much she "shifted" the alphabet without Craig reading it? - -Those are good points. We currently use better encryption methods than the Caesar cipher that tackle these issues. The first concern is talking about a brute-force attack (when the attacker tries many keys in order to—eventually—find the correct one). We can protect our messages against brute-force attacks by using an encryption method that admits a huge number of different possible keys. How big? If you create a key with GPG, the minimum key size is 1024 bits (which gives us 2<sup>1024</sup> different possible keys). How hard would it be to crack it? [This video](https://www.invidio.us/watch?v=S9JGmA5_unY)[^invidious] explains it pretty well for a key that is 256 bits long (2<sup>256</sup> possible keys). First problem solved! Bob isn't deciphering our letter anytime soon! - -[^invidious]: The video was originally posted on YouTube, I linked to Invidious, a platform that minimizes Google's tracking while watching YouTube. The original video link is <https://www.youtube.com/watch?v=S9JGmA5_unY>. - -About the second issue... How can Alice tell Bob her secret password before they can encrypt anything? It turns out she doesn't need to do that at all! She can use asymmetric cryptography to solve this problem. In asymmetric encryption, everyone has two keys[^nodetail]: a public key and a private key. Our public key will be *public*! Everyone can know it (and that won't put our encrypted messages in danger), while our private key will only be known to us. When using asymmetric encryption, we encrypt messages using someone else's **public** key, but only someone with the **private** key will be able to decipher it. - -[^nodetail]: These pair of keys are created in a particular way (that "links" them). I won't get into detail on how it works (it is beyond the scope of this post), but there is a lot of information on the Internet if you are interested. - -So now Bob can simply send Alice his public key, which she will use to encrypt the message. Only Bob with his private key will be able to decipher the message. A system of communication that is resistant to Craig's attacks, so far... +Alice knows about the flaws of the mail system, so she decides to encrypt her +message. She could use the Caesar cipher. If Bob knows how much Alice "shifted" +the alphabet, he will be able to read her message, while Craig won't. Or will +he? Couldn't Craig just try all the numbers from 1 to 25 and just see which one +gives a message that makes sense? And how did Alice tell Bob how much she +"shifted" the alphabet without Craig reading it? + +Those are good points. We currently use better encryption methods than the +Caesar cipher that tackle these issues. The first concern is talking about a +brute-force attack (when the attacker tries many keys in order +to—eventually—find the correct one). We can protect our messages against +brute-force attacks by using an encryption method that admits a huge number of +different possible keys. How big? If you create a key with GPG, the minimum key +size is 1024 bits (which gives us 2<sup>1024</sup> different possible keys). How +hard would it be to crack it? [This video][yt] explains it pretty well for a key +that is 256 bits long (2<sup>256</sup> possible keys). First problem solved! Bob +isn't deciphering our letter anytime soon! + +About the second issue... How can Alice tell Bob her secret password before they +can encrypt anything? It turns out she doesn't need to do that at all! She can +use asymmetric cryptography to solve this problem. In asymmetric encryption, +everyone has two keys[^nodetail]: a public key and a private key. Our public key +will be *public*! Everyone can know it (and that won't put our encrypted +messages in danger), while our private key will only be known to us. When using +asymmetric encryption, we encrypt messages using someone else's **public** key, +but only someone with the **private** key will be able to decipher it. + +[^nodetail]: These pair of keys are created in a particular way (that "links" + them). I won't get into detail on how it works (it is beyond the scope of this + post), but there is a lot of information on the Internet if you are + interested. + +So now Bob can simply send Alice his public key, which she will use to encrypt +the message. Only Bob with his private key will be able to decipher the message. +A system of communication that is resistant to Craig's attacks, so far... ## Signing a message -Craig can't decipher the message, so he might try another strategy: change it! He will get Alice's letter, destroy it, and send a different one to Bob (making it look like it came from Alice). The communication is private, but not secure yet! +Craig can't decipher the message, so he might try another strategy: change it! +He will get Alice's letter, destroy it, and send a different one to Bob (making +it look like it came from Alice). The communication is private, but not secure +yet! + +Once again, cryptographic techniques come to the rescue with the ability to +digitally sign messages (also using asymmetric cryptography). What signing a +message does is kind of the opposite of encryption: Alice can use her +**private** key to sign her message, which will output a new file (the +signature). Now, anybody with the message, the signature made by Alice, and her +**public** key can check that the message was signed using Alice's private key, +therefore ensuring nobody changed it (signatures are different for different +messages). + +Now, Craig can still destroy the message and send a different one. However, Bob +will realize there isn't a signature (or the one given doesn't match the +message). This will alert Bob that the contents of the message might indeed not +come from Alice. Bob might not be able to get Alice's message, but Craig will +never be able to impersonate her. -Once again, cryptographic techniques come to the rescue with the ability to digitally sign messages (also using asymmetric cryptography). What signing a message does is kind of the opposite of encryption: Alice can use her **private** key to sign her message, which will output a new file (the signature). Now, anybody with the message, the signature made by Alice, and her **public** key can check that the message was signed using Alice's private key, therefore ensuring nobody changed it (signatures are different for different messages). +## Final notes -Now, Craig can still destroy the message and send a different one. However, Bob will realize there isn't a signature (or the one given doesn't match the message). This will alert Bob that the contents of the message might indeed not come from Alice. Bob might not be able to get Alice's message, but Craig will never be able to impersonate her. +The problem with the digital signature is that there has to be an initial +contact that both parties know has not been compromised[^sharingpk]. This could +be achieved by meeting in person and exchanging keys, although that could be +hard for two parties that live in different parts of the world trying to talk +over the Internet. There are methods to work around this problem, although none +is perfect. -## Final notes +[^sharingpk]: If not, the first time Alice sends her public key, Craig could + change it a different one and therefore being able to successfully sign + messages with what Bob trusts is Alice's private key. + +Hopefully, this post gave you a basic overview of some things that can be done +using cryptographic techniques and how they are necessary when securing our +online communications. -The problem with the digital signature is that there has to be an initial contact that both parties know has not been compromised[^sharingpk]. This could be achieved by meeting in person and exchanging keys, although that could be hard for two parties that live in different parts of the world trying to talk over the Internet. There are methods to work around this problem, although none is perfect. +*Edit*: Invidious link has been changed to YouTube as Invidious instance is +shutting down. -[^sharingpk]: If not, the first time Alice sends her public key, Craig could change it a different one and therefore being able to successfully sign messages with what Bob trusts is Alice's private key. -Hopefully, this post gave you a basic overview of some things that can be done using cryptographic techniques and how they are necessary when securing our online communications. +[cry]: <https://en.wikipedia.org/wiki/Cryptography> "Cryptography — Wikipedia" +[cc]: <https://en.wikipedia.org/wiki/Caesar_cipher> "Caesar cipher — Wikipedia" +[yt]: <https://www.youtube.com/watch?v=S9JGmA5_unY> "How secure is 256 bit security? — YouTube" diff --git a/content/blog/2020-01-17-documenting-server.md b/content/blog/2020-01-17-documenting-server.md @@ -1,21 +1,57 @@ --- title: "Documenting my server" categories: "Incidental" -tags: ["Personal server", "VPS", "Documentation", "DIY", "Backup"] +tags: [ + "Personal server", + "VPS", + "Documentation", + "DIY", + "Backup" +] lastmod: 2020-03-01 --- -Not long ago I realized that I could get $50 of credit on Digital Ocean with my GitHub Student account, so I decided to try it. I transferred my website there, and with time I started adding services. It is currently running the following services: - - My webpage ([oscarbenedito.com](https://oscarbenedito.com)). - - Redirections from [www.oscarbenedito.com](https://www.oscarbenedito.com), [obenedito.org](https://obenedito.org) and [www.obenedito.org](https://www.obenedito.org) to [oscarbenedito.com](https://oscarbenedito.com). - - A [Gotify](https://gotify.net/) server through which I am able to send notifications to my phone. - - A static page showing traffic on my website thanks to [GoAccess](https://goaccess.io/) (which analyzes Apache's log files). - - It runs [this script](https://gitlab.com/oscarbenedito/utilities/-/tree/master/git-backup) daily to back up all my git repositories and others I find interesting. - - It notifies me if any new documents are uploaded to my college Moodle using [this script](https://gitlab.com/oscarbenedito/utilities/-/tree/master/atenea-updates-notifications) and a cronjob. - - It notifies me every time someone logs in to the server using SSH. +Not long ago I realized that I could get $50 of credit on Digital Ocean with my +GitHub Student account, so I decided to try it. I transferred my website there, +and with time I started adding services. It is currently running the following +services: -As time passes I am adding more and more features to my server. In the first place because it is fun to learn about different things and installing them, but also because they are useful features (indeed I have tried to run other programs which ended up not being as useful as I initially thought). I realized it is getting to the point where if something was to happen to my server (and it got erased), I would probably not remember how I set up everything, so I decided to do some documentation work[^backup]. +- My webpage ([oscarbenedito.com][com]). +- Redirections from [www.oscarbenedito.com][wcom], [obenedito.org][org] and + [www.obenedito.org][worg] to [oscarbenedito.com][com]. +- A [Gotify][g] server through which I am able to send notifications to my + phone. +- A static page showing traffic on my website thanks to [GoAccess][ga] (which + analyzes Apache's log files). +- It runs [this script][gb] daily to back up all my git repositories and others + I find interesting. +- It notifies me if any new documents are uploaded to my college Moodle using + [this script][aun] and a cronjob. +- It notifies me every time someone logs in to the server using SSH. -[^backup]: I know that taking snapshots of the server or making a backup every once in a while would solve that issue. However, that wasn't the only goal. I wanted to be able to rebuild my server from scratch again. +As time passes I am adding more and more features to my server. In the first +place because it is fun to learn about different things and installing them, but +also because they are useful features (indeed I have tried to run other programs +which ended up not being as useful as I initially thought). I realized it is +getting to the point where if something was to happen to my server (and it got +erased), I would probably not remember how I set up everything, so I decided to +do some documentation work[^backup]. -After some time, I am nearly done documenting everything that is set up and I am pretty confident if I had to do it all again now, the documentation would be very useful. Besides, it is also a good way of keeping a record of everything running in the server and its configuration. +[^backup]: I know that taking snapshots of the server or making a backup every + once in a while would solve that issue. However, that wasn't the only goal. I + wanted to be able to rebuild my server from scratch again. + +After some time, I am nearly done documenting everything that is set up and I am +pretty confident if I had to do it all again now, the documentation would be +very useful. Besides, it is also a good way of keeping a record of everything +running in the server and its configuration. + + +[com]: <https://oscarbenedito.com> +[wcom]: <https://www.oscarbenedito.com> +[org]: <https://obenedito.org> +[worg]: <https://www.obenedito.org> +[g]: <https://gotify.net/> "Gotify" +[ga]: <https://goaccess.io/> "GoAccess" +[gb]: <https://gitlab.com/oscarbenedito/utilities/-/tree/master/git-backup> "Git Backup — GitLab" +[aun]: <https://gitlab.com/oscarbenedito/utilities/-/tree/master/atenea-updates-notifications> "Atenea Updates Notifications — GitLab" diff --git a/content/blog/2020-01-25-syncthing.md b/content/blog/2020-01-25-syncthing.md @@ -1,10 +1,29 @@ --- title: "File synchronization software: Syncthing" categories: "Technology" -tags: ["Backup", "Decentralization", "File synchronization", "Privacy", "Software"] +tags: [ + "Backup", + "Decentralization", + "File synchronization", + "Privacy", + "Software" +] --- -[Syncthing](https://syncthing.net/) is a file synchronization program. It allows you to sync files between computers over LAN or the Internet. It is a very simple program that just gets the job done. -I use it to synchronize files between two computers and my phone. When synchronizing two computers, I find it to be a much faster—and smoother—approach than doing it with a USB, while mantaining my privacy and avoiding the exposure of private document to companies on the Internet. I also use it to back up a couple of folders from my phone, including my pictures. Every once in a while I will activate syncthing on my phone, it will sync everything with my computer and then I just exit it. It is fast and simple. +[Syncthing][s] is a file synchronization program. It allows you to sync files +between computers over LAN or the Internet. It is a very simple program that +just gets the job done. -If you want to synchronize/back up your computer or phone privately, check it out! +I use it to synchronize files between two computers and my phone. When +synchronizing two computers, I find it to be a much faster—and smoother—approach +than doing it with a USB, while mantaining my privacy and avoiding the exposure +of private document to companies on the Internet. I also use it to back up a +couple of folders from my phone, including my pictures. Every once in a while I +will activate syncthing on my phone, it will sync everything with my computer +and then I just exit it. It is fast and simple. + +If you want to synchronize/back up your computer or phone privately, check it +out! + + +[s]: <https://syncthing.net/> "Syncthing" diff --git a/content/blog/2020-02-12-deploying-hugo-site.md b/content/blog/2020-02-12-deploying-hugo-site.md @@ -1,23 +1,49 @@ --- title: "Deploying a website built with Hugo" categories: "Technology" -tags: ["Personal website", "Personal domain", "Personal server", "Hosting services", "Self-hosting"] +tags: [ + "Personal website", + "Personal domain", + "Personal server", + "Hosting services", + "Self-hosting" +] --- -I have [previously talked]({{< ref "/blog/2019-12-15-your-corner-of-the-internet.md" >}}) about creating a personal website, in this post I will talk about hosting it. More specifically, I'm going to explain how to host a website built with Hugo. + +I have [previously talked][post] about creating a personal website, in this post +I will talk about hosting it. More specifically, I'm going to explain how to +host a website built with Hugo. ## Hosting without a server -If you don't have a server or don't want to be in charge of one, you can let GitLab host your website. You can either do it with your own domain or use the one GitLab will assign you based on your username. If you want to do it this way, take a look at [their example](https://gitlab.com/pages/hugo), you only need to add that `.gitlab-ci.yml` file to your repository and GitLab will do the rest. +If you don't have a server or don't want to be in charge of one, you can let +GitLab host your website. You can either do it with your own domain or use the +one GitLab will assign you based on your username. If you want to do it this +way, take a look at [their example][ex], you only need to add that +`.gitlab-ci.yml` file to your repository and GitLab will do the rest. -There are other services that will host a static site for free like Netlify (which supports Hugo) or services that host a site given the HTML files such as Neocities—in this case, you would need to run Hugo locally and upload the output files. +There are other services that will host a static site for free like Netlify +(which supports Hugo) or services that host a site given the HTML files such as +Neocities—in this case, you would need to run Hugo locally and upload the output +files. ## Hosting with a server -If you have a server or would like to run one, you can host your website there. Let's see how to do it using Apache. First of all, we will install Apache and Hugo on our server and clone our site's repository somewhere. In my case, my Hugo directory is found in the `/srv` directory and the actual files that should be served are in the `public` folder inside the directory[^var]. Therefore, the directory I want to serve is `/srv/<hugo_directory>/public` (created by Hugo). +If you have a server or would like to run one, you can host your website there. +Let's see how to do it using Apache. First of all, we will install Apache and +Hugo on our server and clone our site's repository somewhere. In my case, my +Hugo directory is found in the `/srv` directory and the actual files that should +be served are in the `public` folder inside the directory[^var]. Therefore, the +directory I want to serve is `/srv/<hugo_directory>/public` (created by Hugo). [^var]: It is also a common practice to put it under `/var/www`. -Before we begin, let's edit Apache's configuration to deny access to the default folders. I am not sure if this is actually necessary as you will be setting up site root directories, but I like to restrict any access and then grant it on a per-site basis. Go to the Apache configuration file found at `/etc/apache2/apache2.conf` and comment the lines with the following content (put a `#` at the start of the line): +Before we begin, let's edit Apache's configuration to deny access to the default +folders. I am not sure if this is actually necessary as you will be setting up +site root directories, but I like to restrict any access and then grant it on a +per-site basis. Go to the Apache configuration file found at +`/etc/apache2/apache2.conf` and comment the lines with the following content +(put a `#` at the start of the line): ```apache <Directory /var/www/> @@ -33,7 +59,12 @@ Before we begin, let's edit Apache's configuration to deny access to the default </Directory> ``` -That will restrict access to the specified directories (which will not be public from now on). In order to grant access to the desired folder, we'll create a file under `/etc/apache2/sites-available` with the site's configuration. I like to name the files after the (sub)domain, so I would put my apache configuration in the file `/etc/apache2/sites-available/<domain_name>.conf`, with the following configuration: +That will restrict access to the specified directories (which will not be public +from now on). In order to grant access to the desired folder, we'll create a +file under `/etc/apache2/sites-available` with the site's configuration. I like +to name the files after the (sub)domain, so I would put my apache configuration +in the file `/etc/apache2/sites-available/<domain_name>.conf`, with the +following configuration: ```apache <VirtualHost *:80> @@ -53,20 +84,56 @@ That will restrict access to the specified directories (which will not be public </VirtualHost> ``` -What is happening here? We are creating a virtual host for incoming connections on port 80 (default HTTP port) that will respond to requests to the `<domain_name>` domain (specified on the `ServerName`). The root folder for the domain will be `/srv/<hugo_directory>/public` (so if you access `http://<domain_name>/blog/index.html`, it will serve with the file found at `/srv/<hugo_directory>/public/blog/index.html`). After that, we set up the error and access log files (the domain part of the name is not necessary, especially if you are only hosting one service). - -The second part of the file looks similar to the commented lines above, and they actually do the same job, we just have them in this file which makes it easier to keep track of which directories is each site depending on and their permissions. In this case, we allow Apache to follow symbolic links and we give access to our files to any user on the web (we won't ask for a password). On top of that, I specified a custom 404 file (which will also be served when the visitor is trying to access a restricted file or directory, which gives error 403). - -Configuration ready! We'll need to activate it using the following command as the root user: +What is happening here? We are creating a virtual host for incoming connections +on port 80 (default HTTP port) that will respond to requests to the +`<domain_name>` domain (specified on the `ServerName`). The root folder for the +domain will be `/srv/<hugo_directory>/public` (so if you access +`http://<domain_name>/blog/index.html`, it will serve with the file found at +`/srv/<hugo_directory>/public/blog/index.html`). After that, we set up the error +and access log files (the domain part of the name is not necessary, especially +if you are only hosting one service). + +The second part of the file looks similar to the commented lines above, and they +actually do the same job, we just have them in this file which makes it easier +to keep track of which directories is each site depending on and their +permissions. In this case, we allow Apache to follow symbolic links and we give +access to our files to any user on the web (we won't ask for a password). On top +of that, I specified a custom 404 file (which will also be served when the +visitor is trying to access a restricted file or directory, which gives error +403). + +Configuration ready! We'll need to activate it using the following command as +the root user: ```bash a2ensite <domain_name>.conf ``` -And just make sure your DNS is pointing to the server. Everything should work now! However, we are serving our page through HTTP, we [definitely](https://doesmysiteneedhttps.com/) want HTTPS. It might sound unnecessary since we don't have any forms on our website (no data to be encrypted), but HTTPS also guarantees site authenticity (protects you against man-in-the-middle attacks) and normalizes the use of encryption on the web. +And just make sure your DNS is pointing to the server. Everything should work +now! However, we are serving our page through HTTP, we [definitely][dmsnh] want +HTTPS. It might sound unnecessary since we don't have any forms on our website +(no data to be encrypted), but HTTPS also guarantees site authenticity (protects +you against man-in-the-middle attacks) and normalizes the use of encryption on +the web. + +In order to set up HTTPS, we need a certificate. I use one issued by [Let's +Encrypt][le], which are free and very easy to use (and they are renewed +automatically). To do so, I use [Certbot][cb], developed by the [EFF][eff]. To +use it, go to the Certbot's page, install it on your server and follow the +instructions on the website. Make sure you enable redirection to HTTPS! + +It takes about 2 minutes to set up and now people will connect to your site +using HTTPS. You can see that a new file has been created at +`/etc/apache2/sites-available/<domain_name>-le-ssl.conf` by Certbot to configure +the HTTPS site, plus a couple of lines will be added to the configuration file +on port 80 to redirect to the encrypted site. -In order to set up HTTPS, we need a certificate. I use one issued by [Let's Encrypt](https://letsencrypt.org), which are free and very easy to use (and they are renewed automatically). To do so, I use [Certbot](https://certbot.eff.org/), developed by the [EFF](https://www.eff.org/). To use it, go to the Certbot's page, install it on your server and follow the instructions on the website. Make sure you enable redirection to HTTPS! +Your site is ready! -It takes about 2 minutes to set up and now people will connect to your site using HTTPS. You can see that a new file has been created at `/etc/apache2/sites-available/<domain_name>-le-ssl.conf` by Certbot to configure the HTTPS site, plus a couple of lines will be added to the configuration file on port 80 to redirect to the encrypted site. -Your site is ready! +[post]: <{{< ref "/blog/2019-12-15-your-corner-of-the-internet.md" >}}> "Your corner of the Internet — Oscar Benedito" +[ex]: <https://gitlab.com/pages/hugo> "GitLab Pages Examples: Hugo — GitLab" +[dmsnh]: <https://doesmysiteneedhttps.com/> "Does my site need HTTPS?" +[le]: <https://letsencrypt.org> "Let's Encrypt" +[cb]: <https://certbot.eff.org/> "Certbot" +[eff]: <https://www.eff.org/> "Electronic Frontier Foundation" diff --git a/content/blog/2020-02-23-sharing-a-secret.pdc b/content/blog/2020-02-23-sharing-a-secret.pdc @@ -1,35 +1,83 @@ --- title: "Sharing a secret" categories: "Knowledge base" -tags: ["Backup", "Cryptography", "Encryption", "Privacy", "Security"] +tags: [ + "Backup", + "Cryptography", + "Encryption", + "Privacy", + "Security" +] --- -Making a backup of a secret can be tricky. For instance: I have a lot of passwords stored in an encrypted file, which I can edit through my password manager. The data in that file is both very sensitive and crucial. I currently have some offline backups (which are updated every once in a while) in different locations and one online backup in case I lose access to my passwords and I am not able to go to one of the locations where other backups are kept. -The problem with having an online backup is that such sensitive data must be kept away from untrusted third parties and, so far, there's no third party I would trust with all those passwords. My solution is to distribute the trust. The encrypted file is encrypted again multiple times with very long random passwords. Those passwords are distributed across different services, and the file in another one, so no one service has access to the encrypted file. - -This seems like a reasonably secure system (considering the diversity of parties that should agree to attack me/get hacked). However, a couple of days ago, I was introduced to a much simpler and convenient method to "distribute" a secret: [Shamir's Secret Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). +Making a backup of a secret can be tricky. For instance: I have a lot of +passwords stored in an encrypted file, which I can edit through my password +manager. The data in that file is both very sensitive and crucial. I currently +have some offline backups (which are updated every once in a while) in different +locations and one online backup in case I lose access to my passwords and I am +not able to go to one of the locations where other backups are kept. + +The problem with having an online backup is that such sensitive data must be +kept away from untrusted third parties and, so far, there's no third party I +would trust with all those passwords. My solution is to distribute the trust. +The encrypted file is encrypted again multiple times with very long random +passwords. Those passwords are distributed across different services, and the +file in another one, so no one service has access to the encrypted file. + +This seems like a reasonably secure system (considering the diversity of parties +that should agree to attack me/get hacked). However, a couple of days ago, I was +introduced to a much simpler and convenient method to "distribute" a secret: +[Shamir's Secret Sharing][sss]. ## Shamir's Secret Sharing -Shamir's Secret Sharing was created by [Adi Shamir](https://en.wikipedia.org/wiki/Adi_Shamir), a cryptographer who is also the co-inventor of the—probably more widely known—[RSA algorithm](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) (yes, that S stands for Shamir!). Here, I'll try to briefly explain how it works. +Shamir's Secret Sharing was created by [Adi Shamir][as], a cryptographer who is +also the co-inventor of the—probably more widely known—[RSA algorithm][rsa] +(yes, that S stands for Shamir!). Here, I'll try to briefly explain how it +works. -Given a secret $S$ (coded as a number), we want to distribute it among $n$ parties (giving each party a "share" of the secret) in such a way that only $k \leq n$ shares are needed to retrieve the secret, but that $k-1$ shares don't grant any kind of knowledge on $S$. +Given a secret $S$ (coded as a number), we want to distribute it among $n$ +parties (giving each party a "share" of the secret) in such a way that only $k +\leq n$ shares are needed to retrieve the secret, but that $k-1$ shares don't +grant any kind of knowledge on $S$. -Shamir's method is based on the fact that given $n + 1$ pairs $(x_i, y_i)$ such that $i \neq j \implies x_i \neq x_j$, then there exists a unique polynomial $p$ of degree $n$ or less that satisfies that $p(x_i) = y_i$, $\forall i \in \{1, \dots, n\}$ (and we have an efficient method to find $p$ given $n$ points). +Shamir's method is based on the fact that given $n + 1$ pairs $(x_i, y_i)$ such +that $i \neq j \implies x_i \neq x_j$, then there exists a unique polynomial $p$ +of degree $n$ or less that satisfies that $p(x_i) = y_i$, $\forall i \in \{1, +\dots, n\}$ (and we have an efficient method to find $p$ given $n$ points). -Let's put it into practice. Given a secret $S$, to be shared with $n$ parties in a way that any $k$ parties can retrieve it, we'll build the following polynomial: +Let's put it into practice. Given a secret $S$, to be shared with $n$ parties in +a way that any $k$ parties can retrieve it, we'll build the following +polynomial: <div class="mathjax-container"> $$p(x) = S + a_1 x + a_2 x^2 + ... + a_{k-1} x^{k-1},$$ </div> -where $a_i$ are random numbers, $\forall i \in \{1, \dots, k-1\}$. Now we'll evaluate our polynomial on $n$ different points (and different from 0) to obtain $n$ pairs of the form $(x_i, p(x_i))$. This will be the shares of the secret. Each party will get one share. We know that $k$ shares define a unique polynomial $p$ of degree $k-1$, (if we find it, we'll find $S$). On the other hand, there are an infinite amount of polynomials of degree $k-1$ that interpolate $k-1$ points, so the secret cannot be easily obtained by gaining access to $k-1$ shares[^integers]. - -[^integers]: This is not completely true when working with positive integers, but it can be solved by working with finite fields. - -If we want to recover the secret from $k$ shares, we can interpolate the $k$ points $(x_i, p(x_i))$ using [Lagrange's form for the interpolation polynomial](https://en.wikipedia.org/wiki/Lagrange_polynomial)[^proof]: - -[^proof]: Let's quickly prove that the $p$ defined in Lagrange's form ($\bar{p}$ from now on) is the same as the previously defined $p$. $\bar{p}$ is clearly a polynomial of degree (at most) $k-1$, since it is the sum of polynomials of degree $k-1$, so we only need to prove that it interpolates the points given (we'll asume that the fact that there is only one polynomial of degree at most $k-1$ that interpolates $k$ points is true). That is easy to prove since $i \neq j \implies l_i(x_j) = 0$ and $l_i(x_i) = 1$, therefore having $\bar{p}(x_i) = p(x_i) l_i(x_i) = p(x_i)$. +where $a_i$ are random numbers, $\forall i \in \{1, \dots, k-1\}$. Now we'll +evaluate our polynomial on $n$ different points (and different from 0) to obtain +$n$ pairs of the form $(x_i, p(x_i))$. This will be the shares of the secret. +Each party will get one share. We know that $k$ shares define a unique +polynomial $p$ of degree $k-1$, (if we find it, we'll find $S$). On the other +hand, there are an infinite amount of polynomials of degree $k-1$ that +interpolate $k-1$ points, so the secret cannot be easily obtained by gaining +access to $k-1$ shares[^integers]. + +[^integers]: This is not completely true when working with positive integers, + but it can be solved by working with finite fields. + +If we want to recover the secret from $k$ shares, we can interpolate the $k$ +points $(x_i, p(x_i))$ using [Lagrange's form for the interpolation +polynomial][int][^proof]: + +[^proof]: Let's quickly prove that the $p$ defined in Lagrange's form ($\bar{p}$ + from now on) is the same as the previously defined $p$. $\bar{p}$ is clearly a + polynomial of degree (at most) $k-1$, since it is the sum of polynomials of + degree $k-1$, so we only need to prove that it interpolates the points given + (we'll asume that the fact that there is only one polynomial of degree at most + $k-1$ that interpolates $k$ points is true). That is easy to prove since $i + \neq j \implies l_i(x_j) = 0$ and $l_i(x_i) = 1$, therefore having + $\bar{p}(x_i) = p(x_i) l_i(x_i) = p(x_i)$. <div class="mathjax-container"> $$p(x) = \sum_{i=1}^{k} p(x_i) l_i(x),$$ @@ -38,11 +86,21 @@ $$p(x) = \sum_{i=1}^{k} p(x_i) l_i(x),$$ where <div class="mathjax-container"> -$$l_i(x) = \prod_{\begin{smallmatrix}1\leq m\leq k\\ m\neq i\end{smallmatrix}} \frac{x-x_m}{x_i-x_m}.$$ +$$l_i(x) = \prod_{\begin{smallmatrix}1\leq m\leq k\\ m\neq i\end{smallmatrix}} +\frac{x-x_m}{x_i-x_m}.$$ </div> Now, evaluating on $x = 0$ we'll find the secret (because $p(0) = S$). ## Final notes -Now we have a method to share our secret between multiple parties and being able to retrieve it with only some of them. This method is not too hard to code yourself, however, there are implementations online if you would rather not do that (make sure you are running trusted code!). +Now we have a method to share our secret between multiple parties and being able +to retrieve it with only some of them. This method is not too hard to code +yourself, however, there are implementations online if you would rather not do +that (make sure you are running trusted code!). + + +[sss]: <https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing> "Shamir's Secret Sharing — Wikipedia" +[as]: <https://en.wikipedia.org/wiki/Adi_Shamir> "Adi Shamir — Wikipedia" +[rsa]: <https://en.wikipedia.org/wiki/RSA_(cryptosystem)> "RSA — Wikipedia" +[int]: <https://en.wikipedia.org/wiki/Lagrange_polynomial> "Lagrange polynomial — Wikipedia" diff --git a/content/blog/2020-03-01-new-domain-name.md b/content/blog/2020-03-01-new-domain-name.md @@ -1,6 +1,10 @@ --- title: "New domain name: oscarbenedito.com" categories: "Incidental" -tags: ["Personal domain"] +tags: [ "Personal domain" ] --- -After a lot of thought, I have decided to change my domain to [oscarbenedito.com](https://oscarbenedito.com). My website should be completely moved, however other services (including my email) are still under the obenedito.org domain, I will move them progressively when I have time to do so. + +After a lot of thought, I have decided to change my domain to +[oscarbenedito.com](https://oscarbenedito.com). My website should be completely +moved, however other services (including my email) are still under the +obenedito.org domain, I will move them progressively when I have time to do so. diff --git a/content/blog/2020-03-02-types-of-networks.md b/content/blog/2020-03-02-types-of-networks.md @@ -1,36 +1,95 @@ --- title: "Centralized, decentralized and distributed networks" categories: "Knowledge base" -tags: ["Networks", "Communications", "Decentralization", "Centralization", "Distributed networks"] +tags: [ + "Networks", + "Communications", + "Decentralization", + "Centralization", + "Distributed networks" +] --- -When we are trying to understand a communications network, having an approximate image of how the network operates can be very valuable. Do all communications go through the same node? Is there a central authority? Can nodes communicate directly with each other? Depending on how the network operates, we can classify it as centralized, decentralized or distributed. + +When we are trying to understand a communications network, having an approximate +image of how the network operates can be very valuable. Do all communications go +through the same node? Is there a central authority? Can nodes communicate +directly with each other? Depending on how the network operates, we can classify +it as centralized, decentralized or distributed. ### Centralized networks -When all the nodes on a network are connected to one unique node, we call it a centralized network. All communications happen through that one "master" node. An example of a centralized network is the one created by most instant messengers, for example [Signal](https://signal.org/). Every time we send a message, it goes to Signal's servers and it is then sent to its destination. This creates a network similar to the following, where everyone is connected to one server (or cluster of servers). +When all the nodes on a network are connected to one unique node, we call it a +centralized network. All communications happen through that one "master" node. +An example of a centralized network is the one created by most instant +messengers, for example [Signal][s]. Every time we send a message, it goes to +Signal's servers and it is then sent to its destination. This creates a network +similar to the following, where everyone is connected to one server (or cluster +of servers). <p style="text-align: center"><svg class="basic-svg" viewBox="0 0 633.9 523.77"><use xlink:href="/img/blog/2020/03/types-of-networks/centralized-network.svg#l"></use></svg></p> -Having everything go through the same computer has its pros and cons. On the one hand, it makes deployment easier and faster, data consistency is easy to maintain and it is an efficient network (if, for instance, you need to gather data, it is all in one server). On the other hand, it creates a single point of failure for the whole network (which also facilitates censorship) and it makes it easier to abuse users (as the central server has a monopoly over the network)[^common]. This type of network also makes escalation much harder, as the resources are provided by one sole party. +Having everything go through the same computer has its pros and cons. On the one +hand, it makes deployment easier and faster, data consistency is easy to +maintain and it is an efficient network (if, for instance, you need to gather +data, it is all in one server). On the other hand, it creates a single point of +failure for the whole network (which also facilitates censorship) and it makes +it easier to abuse users (as the central server has a monopoly over the +network)[^common]. This type of network also makes escalation much harder, as +the resources are provided by one sole party. -[^common]: This is pretty usual. Whether it is services selling user's data, censoring content, a sudden rise of prices, etc., when dealing with centralized services, users don't have much choice but to leave the network completely (which might not be affordable). +[^common]: This is pretty usual. Whether it is services selling user's data, + censoring content, a sudden rise of prices, etc., when dealing with + centralized services, users don't have much choice but to leave the network + completely (which might not be affordable). ### Decentralized networks -Decentralized networks don't have one central node, but multiple of them, which are connected between themselves. When clients connect to the network, their communications go through their "master" node, to the destination's "master" node, and finally to the destination. An example of a decentralized network is [e-mail](https://en.wikipedia.org/wiki/Email). When Alice (`alice@example.com`) wants to send an e-mail to Bob (`bob@example.org`), Alice's computer sends the message to `example.com`'s server. From there, it is sent to `example.org`, and finally `example.org` sends it to Bob's computer. A decentralized network looks similar to the following network. +Decentralized networks don't have one central node, but multiple of them, which +are connected between themselves. When clients connect to the network, their +communications go through their "master" node, to the destination's "master" +node, and finally to the destination. An example of a decentralized network is +[e-mail][em]. When Alice (`alice@example.com`) wants to send an e-mail to Bob +(`bob@example.org`), Alice's computer sends the message to `example.com`'s +server. From there, it is sent to `example.org`, and finally `example.org` sends +it to Bob's computer. A decentralized network looks similar to the following +network. <p style="text-align: center"><svg class="basic-svg" viewBox="0 0 633.9 523.77"><use xlink:href="/img/blog/2020/03/types-of-networks/decentralized-network.svg#l"></use></svg></p> -Decentralized networks solve some of the centralization problems: no entity has control over the whole network anymore, allowing users to choose between different providers and switch servers (or self-host) if one starts abusing its power. If a server is down, others can still communicate ordinarily, which also makes censorship more difficult. Decentralized networks are also easier to escalate. Nonetheless, this type of network requires more infrastructure and can become less efficient for certain operations (like global tasks). It is also harder to deploy updates, as servers might update at different times, when each administrator decides to do so. +Decentralized networks solve some of the centralization problems: no entity has +control over the whole network anymore, allowing users to choose between +different providers and switch servers (or self-host) if one starts abusing its +power. If a server is down, others can still communicate ordinarily, which also +makes censorship more difficult. Decentralized networks are also easier to +escalate. Nonetheless, this type of network requires more infrastructure and can +become less efficient for certain operations (like global tasks). It is also +harder to deploy updates, as servers might update at different times, when each +administrator decides to do so. ### Distributed networks -Distributed networks only have one type of node, and they are connected with each other (although not necessarily all with all). This creates a very robust network where all nodes are client and server at the same time. The [BitTorrent protocol](https://en.wikipedia.org/wiki/BitTorrent) is an example of a protocol that works with a distributed network. The following image shows what a distributed network looks like. +Distributed networks only have one type of node, and they are connected with +each other (although not necessarily all with all). This creates a very robust +network where all nodes are client and server at the same time. The [BitTorrent +protocol][bt] is an example of a protocol that works with a distributed network. +The following image shows what a distributed network looks like. <p style="text-align: center"><svg class="basic-svg" viewBox="0 0 633.9 523.77"><use xlink:href="/img/blog/2020/03/types-of-networks/distributed-network.svg#l"></use></svg></p> -Because there are no central servers, distributed networks easily circumvent censorship and are practically immune to denial-of-service attacks. Since every user is client and server at the same time, these networks are highly scalable without the need for additional central resources. However, distributed networks make deployment a lot harder. +Because there are no central servers, distributed networks easily circumvent +censorship and are practically immune to denial-of-service attacks. Since every +user is client and server at the same time, these networks are highly scalable +without the need for additional central resources. However, distributed networks +make deployment a lot harder. ## Final comments -I hope this post has clarified the main differences between centralized, decentralized and distributed networks as well as showed some applications for each of them. In the future, I might refer to this post when talking about services and the type of network they rely on. +I hope this post has clarified the main differences between centralized, +decentralized and distributed networks as well as showed some applications for +each of them. In the future, I might refer to this post when talking about +services and the type of network they rely on. + + +[s]: <https://signal.org/> "Signal" +[em]: <https://en.wikipedia.org/wiki/Email> "Email — Wikipedia" +[bt]: <https://en.wikipedia.org/wiki/BitTorrent> "BitTorrent — Wikipedia" diff --git a/content/blog/2020-03-12-lightweight-website.md b/content/blog/2020-03-12-lightweight-website.md @@ -1,16 +1,57 @@ --- title: "A lightweight website" categories: "Technology" -tags: ["Personal domain", "CSS", "Hugo", "Personal website", "Website"] +tags: [ + "Personal domain", + "CSS", + "Hugo", + "Personal website", + "Website" +] --- -Since the start of this site, having a lightweight website has been one of my priorities. Every file served has been minimized, you won't see any pictures that aren't vector graphics (except for the `favicon.ico` file) and users don't need to download fonts or JavaScript libraries. On top of that, the amount of JavaScript required is minimum. Indeed, as of right now, the only JS that runs is a very simple function to toggle the theme and another one to open the navigation menu on small screens. That results in super lightweight pages, which keeps the loading time to a minimum and reduces the bandwidth usage of the server. -The one thing I've had doubts about is minimizing HTML. Some friends argued that minimizing the code obscures it, while I argued that it is easy to *prettify* HTML with one of the many tools online. However, lately, I have been a bit frustrated with Hugo's minimizing tool as it had some unexpected behavior with SVG's, so I decided to investigate the pros and cons of file minimization a bit further. +Since the start of this site, having a lightweight website has been one of my +priorities. Every file served has been minimized, you won't see any pictures +that aren't vector graphics (except for the `favicon.ico` file) and users don't +need to download fonts or JavaScript libraries. On top of that, the amount of +JavaScript required is minimum. Indeed, as of right now, the only JS that runs +is a very simple function to toggle the theme and another one to open the +navigation menu on small screens. That results in super lightweight pages, which +keeps the loading time to a minimum and reduces the bandwidth usage of the +server. -When you access a webpage it is normally compressed (if the server supports it), and this compression makes the previous minimization of files almost useless. Let me explain: my main blog page's size is about 18.3KB, but it can be reduced down to 17.2KB with Hugo's minimizing tool[^errors]. Once compressed with [gzip](https://en.wikipedia.org/wiki/Gzip), the sizes are 5845 and 5747 bytes respectively, so the bandwidth save is only 100 bytes! Similar results have been obtained for all the pages of the site that I have tested, so it looks like minimizing isn't helping that much. +The one thing I've had doubts about is minimizing HTML. Some friends argued that +minimizing the code obscures it, while I argued that it is easy to *prettify* +HTML with one of the many tools online. However, lately, I have been a bit +frustrated with Hugo's minimizing tool as it had some unexpected behavior with +SVG's, so I decided to investigate the pros and cons of file minimization a bit +further. -[^errors]: It is actually 15.5KB, but that includes errors on the SVG's minified, once fixed, it becomes the 17.2KB mentioned. +When you access a webpage it is normally compressed (if the server supports it), +and this compression makes the previous minimization of files almost useless. +Let me explain: my main blog page's size is about 18.3KB, but it can be reduced +down to 17.2KB with Hugo's minimizing tool[^errors]. Once compressed with +[gzip][gz], the sizes are 5845 and 5747 bytes respectively, so the bandwidth +save is only 100 bytes! Similar results have been obtained for all the pages of +the site that I have tested, so it looks like minimizing isn't helping that +much. -On the other hand, I see the point made by the friends who argue that having the code available when pressing `view source` can be useful, even if code could potentially be prettified. Given this, I have decided not to minimize the HTML files. A similar argument could be made to not minimize CSS and JS (indeed, in the future I might change my mind), but they will stay minimized for now[^css-js]. +[^errors]: It is actually 15.5KB, but that includes errors on the SVG's + minified, once fixed, it becomes the 17.2KB mentioned. -[^css-js]: These files can be found more easily on the source code since they are not build up from templates, and it is uncommon to view the source code of those files, as they are normally viewed from the browser's inspection tools. On top of that, CSS is "compiled" from SCSS files, and once again, these files are easily reachable at the public repository of the website. Finally, the change in size is higher (1.5KB for the CSS file). +On the other hand, I see the point made by the friends who argue that having the +code available when pressing `view source` can be useful, even if code could +potentially be prettified. Given this, I have decided not to minimize the HTML +files. A similar argument could be made to not minimize CSS and JS (indeed, in +the future I might change my mind), but they will stay minimized for +now[^css-js]. + +[^css-js]: These files can be found more easily on the source code since they + are not build up from templates, and it is uncommon to view the source code of + those files, as they are normally viewed from the browser's inspection tools. + On top of that, CSS is "compiled" from SCSS files, and once again, these files + are easily reachable at the public repository of the website. Finally, the + change in size is higher (1.5KB for the CSS file). + + +[gz]: <https://en.wikipedia.org/wiki/Gzip> "gzip — Wikipedia" diff --git a/content/blog/2020-03-21-lighter-website.md b/content/blog/2020-03-21-lighter-website.md @@ -1,28 +1,71 @@ --- title: "A lighter website" categories: "Technology" -tags: ["Personal domain", "CSS", "Hugo", "Personal website", "Website"] +tags: [ + "Personal domain", + "CSS", + "Hugo", + "Personal website", + "Website" +] --- -Following up with the [last post]({{< ref "/blog/2020-03-12-lightweight-website.md" >}}), I decided to make my website even faster (which probably doesn't make a difference anymore). + +Following up with the [last post][post], I decided to make my website even +faster (which probably doesn't make a difference anymore). ## The logo -My pages (HTML only) were about 21KB (without compression), but 11KB of those consisted of an SVG that appeared in all of them: the logo. The logo wasn't requested from a different static file because I needed to modify it using CSS (so that colors would change when switching to the dark theme) and, at the time, I thought inlining was the only option to allow that. However, investigating a little I found out there are alternatives to inlining: we can take advantage of the `use` tag of SVGs to "inline" an SVG from a different URL. By using that, my pages are now around 10KB of size (plus the statics files, which have a total size of 37KB for the pages without MathJax). +My pages (HTML only) were about 21KB (without compression), but 11KB of those +consisted of an SVG that appeared in all of them: the logo. The logo wasn't +requested from a different static file because I needed to modify it using CSS +(so that colors would change when switching to the dark theme) and, at the time, +I thought inlining was the only option to allow that. However, investigating a +little I found out there are alternatives to inlining: we can take advantage of +the `use` tag of SVGs to "inline" an SVG from a different URL. By using that, my +pages are now around 10KB of size (plus the statics files, which have a total +size of 37KB for the pages without MathJax). ## The static files -Considering that the `favicon.ico` is already 15KB, 47KB for a page is very good! Nevertheless, I wanted to reduce it even more[^fun]. I looked into browser caching and liked the idea. I'll explain the basics. When our browser sends a request for a certain resource (URL/file), the server that responds can add information that tells the browser how long it should keep the file for. If the next time you browse that site and need the file again the file hasn't "expired", your browser will not request it, but instead make use of the copy previously downloaded. This reduces the number of requests made and the bandwidth used. +Considering that the `favicon.ico` is already 15KB, 47KB for a page is very +good! Nevertheless, I wanted to reduce it even more[^fun]. I looked into browser +caching and liked the idea. I'll explain the basics. When our browser sends a +request for a certain resource (URL/file), the server that responds can add +information that tells the browser how long it should keep the file for. If the +next time you browse that site and need the file again the file hasn't +"expired", your browser will not request it, but instead make use of the copy +previously downloaded. This reduces the number of requests made and the +bandwidth used. -[^fun]: By now you have probably figured out this is more of a hobby than something useful, as the size reduced is ridiculously small. +[^fun]: By now you have probably figured out this is more of a hobby than + something useful, as the size reduced is ridiculously small. -The only problem with browser caching is that if the contents of a certain file change, your users will not see those until their copies expire. We want to maximize the time a file is used for before requesting it again while minimizing the time between update checks (unless our static files never change). To solve that, I used [Hugo's Pipes](https://gohugo.io/hugo-pipes), which allows you to add the SHA256 sum of a static file to its name automatically (and all the places where the file is referenced). Now when downloading the CSS file, your browser is requesting `https://oscarbenedito.com/css/style.min.<SHA256>.css`, which will (highly probably) change when the contents change. Since the URL will be different, the browser will request the new file. +The only problem with browser caching is that if the contents of a certain file +change, your users will not see those until their copies expire. We want to +maximize the time a file is used for before requesting it again while minimizing +the time between update checks (unless our static files never change). To solve +that, I used [Hugo's Pipes][hp], which allows you to add the SHA256 sum of a +static file to its name automatically (and all the places where the file is +referenced). Now when downloading the CSS file, your browser is requesting +`https://oscarbenedito.com/css/style.min.<SHA256>.css`, which will (highly +probably) change when the contents change. Since the URL will be different, the +browser will request the new file. ## The uncompressed SVGs -I found out that SVG files where not being compressed by default[^reason]. So I also enabled that! +I found out that SVG files where not being compressed by default[^reason]. So I +also enabled that! -[^reason]: I don't really know the reason why. It might have something to do with `.svgz` files. No idea. +[^reason]: I don't really know the reason why. It might have something to do + with `.svgz` files. No idea. ## Final comment -My webpage is ridiculously small and all these optimizations aren't that important. However, it is fun to learn about all of this and it can also be helpful if in the future I have a site with bigger static files (or someone reading this has!). +My webpage is ridiculously small and all these optimizations aren't that +important. However, it is fun to learn about all of this and it can also be +helpful if in the future I have a site with bigger static files (or someone +reading this has!). + + +[post]: <{{< ref "/blog/2020-03-12-lightweight-website.md" >}}> "A lightweight website — Oscar Benedito" +[hp]: <https://gohugo.io/hugo-pipes> "Hugo Pipes" diff --git a/content/blog/2020-04-07-on-not-caring-about-your-privacy.md b/content/blog/2020-04-07-on-not-caring-about-your-privacy.md @@ -2,9 +2,10 @@ title: "On not caring about your privacy" slug: "on-not-caring-about-your-privacy" categories: "Incidental" -tags: ["Privacy"] +tags: [ "Privacy" ] date: 2020-04-07T16:17:00+00:00 --- + When talking about violations of our privacy, I've found that most people don't care because it is a thing that happens "far away" (*who in that huge enterprise cares about me, my browsing habits, etc.?*). I can see where those people are diff --git a/content/blog/2020-04-18-use-web-feeds.md b/content/blog/2020-04-18-use-web-feeds.md @@ -2,9 +2,15 @@ title: "Use web feeds!" slug: "use-web-feeds" categories: "Technology" -tags: ["Decentralization", "Personal website", "Privacy", "Website"] +tags: [ + "Decentralization", + "Personal website", + "Privacy", + "Website" +] date: 2020-04-18T14:59:00+00:00 --- + Web feeds are data formats used to provide users with updates through web syndication. Websites can use web feeds to post their content in a format that allows users to easily check for updates regularly. Examples of web feeds are @@ -142,6 +148,6 @@ your full content on your web feed, read it! [json-feed]: <https://en.wikipedia.org/wiki/JSON_Feed> "JSON Feed — Wikipedia" [silo]: <https://indieweb.org/silo> "Silo — IndieWeb Wiki" [tracking-pixel]: <https://en.wikipedia.org/wiki/Web_beacon> "Web beacon — Wikipedia" -[nitter]: <https://github.com/zedeus/nitter> "Nitter repository" -[bibliogram]: <https://github.com/cloudrac3r/bibliogram> "Bibliogram repository" +[nitter]: <https://github.com/zedeus/nitter> "Nitter — GitHub" +[bibliogram]: <https://sr.ht/~cadence/bibliogram/> "Bibliogram — sr.ht" [kevq-post]: <https://kevq.uk/why-having-a-full-post-rss-feed-is-a-good-idea/> "Why Having A Full Post RSS Feed Is A Good Idea — Kev Quirk" diff --git a/content/blog/2020-05-05-my-journey-through-desktop-environments.md b/content/blog/2020-05-05-my-journey-through-desktop-environments.md @@ -2,10 +2,16 @@ title: "My journey through desktop environments" slug: "my-journey-through-desktop-environments" categories: "Technology" -tags: ["Decentralization", "Personal website", "Privacy", "Website"] +tags: [ + "Decentralization", + "Personal website", + "Privacy", + "Website" +] date: 2020-05-05T19:26:00+00:00 lastmod: 2020-05-06T07:52:00+00:00 --- + My first experience with GNU/Linux was with KDE. It is the desktop environment used on my college computers, and it was more or less the only experience I had with the GNU/Linux operative system, so it was the desktop environment I @@ -122,6 +128,6 @@ considering using a tiling manager, think about it! Also recommended if you use vim! -[i3]: <https://i3wm.org/> "i3 website" -[sway]: <https://swaywm.org/> "Sway website" -[dwm]: <https://dwm.suckless.org/> "dwm website" +[i3]: <https://i3wm.org/> "i3" +[sway]: <https://swaywm.org/> "Sway" +[dwm]: <https://dwm.suckless.org/> "dwm" diff --git a/content/blog/2020-05-27-blocking-connections-on-android.md b/content/blog/2020-05-27-blocking-connections-on-android.md @@ -2,7 +2,12 @@ title: "Blocking connections on Android" slug: "blocking-connections-on-android" categories: "Technology" -tags: ["Decentralization", "Personal website", "Privacy", "Website"] +tags: [ + "Decentralization", + "Personal website", + "Privacy", + "Website" +] date: 2020-05-27T19:01:00+00:00 --- @@ -67,5 +72,6 @@ on a stock ROM or another custom ROM—, let me know if it works! You still won' be able to block certain apps' connections as with NetGuard, but you won't have ads while keeping the VPN feature available for other uses. -[ng]: <https://www.netguard.me/> "NetGuard's website" -[repo]: <https://github.com/StevenBlack/hosts> "Unified hosts file repository" + +[ng]: <https://www.netguard.me/> "NetGuard's" +[repo]: <https://github.com/StevenBlack/hosts> "Unified hosts — GitHub" diff --git a/content/blog/2020-06-23-setting-up-a-personal-git-server.md b/content/blog/2020-06-23-setting-up-a-personal-git-server.md @@ -237,15 +237,16 @@ repositories from my domain, you can find all of that here: long process. However, you can just push to a new remote address and GitLab will automatically create the new repository. + [cgit]: <https://git.zx2c4.com/cgit/about/> "cgit's information" -[dmenu]: <https://tools.suckless.org/dmenu/> "dmenu's homepage" +[dmenu]: <https://tools.suckless.org/dmenu/> "dmenu" [g-email]: <https://git-send-email.io/> "Learn to use email with Git!" -[gitea]: <https://gitea.io> "Gitea's home page" -[gogs]: <https://gogs.io> "Gogs' homepage" -[gsc]: <https://git.oscarbenedito.com/utilities/> "Personal git-shell commands" -[prot-doc]: <https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon> "Git daemon documentation" -[sg-fork]: <https://git.oscarbenedito.com/stagit/> "Personal stagit fork" -[sh]: <https://sourcehut.org/> "Sourcehut's homepage" -[sl]: <https://suckless.org> "Suckless' homepage" -[st]: <https://st.suckless.org/> "st's homepage" -[stagit]: <https://codemadness.org/stagit.html> "Stagit blog post" +[gitea]: <https://gitea.io> "Gitea" +[gogs]: <https://gogs.io> "Gogs" +[gsc]: <https://git.oscarbenedito.com/utilities/> "Utilities — git.oscarbenedito.com" +[prot-doc]: <https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon> "Git Daemon — Git" +[sg-fork]: <https://git.oscarbenedito.com/stagit/> "stagit — git.oscarbenedito.com" +[sh]: <https://sourcehut.org/> "Sourcehut" +[sl]: <https://suckless.org> "Suckless" +[st]: <https://st.suckless.org/> "st" +[stagit]: <https://codemadness.org/stagit.html> "Stagit blog post — codemadness.org" diff --git a/content/blog/_index.md b/content/blog/_index.md @@ -8,6 +8,7 @@ This is my personal blog. You can subscribe to [my feed][feed] or look through all the posts on [the archive][archive]. You can find links to other blogs I follow on [my blogroll][br]. + [feed]: </blog/index.xml> "Blog feed" [archive]: </blog/archive/> "Blog archive" [br]: </blogroll/> "Blogroll" diff --git a/content/blogroll.md b/content/blogroll.md @@ -2,9 +2,11 @@ title: Blogroll type: page --- + Blogs I have found interesting, alphabetically sorted. You can easily import all the blogs to your feed reader using [this OMPL file][ompl]. {{< blogroll >}} + [ompl]: </blogroll/blogroll.ompl> "Blogroll's OMPL file" diff --git a/content/jsweblabels.html b/content/jsweblabels.html @@ -2,6 +2,7 @@ title: JavaScript Web Labels type: page --- + <p>This page is basically a list of all the JavaScript files I use in my website, their license and their source code. I wanted to make a completely free/libre website and although it would be free/libre even if this page didn't exist, it allows LibreJS users to run the JavaScript without having to whitelist it manually and also offers an easy way for everybody to find the source code files.</p> <p>You can find more information on free/libre JavaScript <a href="https://www.gnu.org/philosophy/javascript-trap.html">here</a>.</p>