git.thebackupbox.net

blog

git://git.thebackupbox.net/blog

commit 163cf343f2fcfe2536cf791dcfcc4df12c7095dc
Author: epoch <epoch@thebackupbox.net>
Date:   Tue Jan 17 06:05:31 2023 +0000

    forgot a lot of things... oh well.

diff --git a/bookmarklets b/bookmarklets
new file mode 100644
index 0000000000000000000000000000000000000000..3d3f92777fa37ae775ddc98207ac9a8c8641386a
--- /dev/null
+++ b/bookmarklets
@@ -0,0 +1,57 @@
+# bookmarklet collection!
+
+(note: this isn't for gemini)
+=> https://thebackupbox.net/~epoch/blog/bookmarklets you can play with this page over http
+
+I'm collecting bookmarklets because it seems a lot of people forget they exist, or what they're capable of, then end up making add-ons when they don't need to.
+
+## mastodon share
+
+=> javascript:location.href="https://tilde.zone/share?text="+escape(location.href); bookmarklet to share current URL with your tilde.zone account.
+change the domain in the bookmarklet to suit your needs.
+```
+javascript:location.href="https://tilde.zone/share?text="+escape(location.href);
+```
+
+## random tvtrope
+
+=> javascript:location.href="http://tvtropes.org/pmwiki/randomitem.php?__cache_breaker__="+Math.random(); random tvtropes trope page.
+```
+javascript:location.href="http://tvtropes.org/pmwiki/randomitem.php?__cache_breaker__="+Math.random();
+```
+I found the randomitem.php URL in an add-on that no longer worked and added a random value to it to get around a cache that seems
+to have been preventing this from just being a basic link.
+
+## invert lightness
+
+this next one is kind of long so I won't put a link to it.
+I stole it from stack overflow I think. it is to invert the lightness of a page.
+
+=> javascript:(function(){function%20RGBtoHSL(RGBColor){with(Math){var%20R,G,B;var%20cMax,cMin;var%20sum,diff;var%20Rdelta,Gdelta,Bdelta;var%20H,L,S;R=RGBColor[0];G=RGBColor[1];B=RGBColor[2];cMax=max(max(R,G),B);cMin=min(min(R,G),B);sum=cMax+cMin;diff=cMax-cMin;L=sum/2;if(cMax==cMin){S=0;H=0;}else{if(L<=(1/2))S=diff/sum;else%20S=diff/(2-sum);Rdelta=R/6/diff;Gdelta=G/6/diff;Bdelta=B/6/diff;if(R==cMax)H=Gdelta-Bdelta;else%20if(G==cMax)H=(1/3)+Bdelta-Rdelta;else%20H=(2/3)+Rdelta-Gdelta;if(H<0)H+=1;if(H>1)H-=1;}return[H,S,L];}}function%20getRGBColor(node,prop){var%20rgb=getComputedStyle(node,null).getPropertyValue(prop);var%20r,g,b;if(/rgb\((\d+),\s(\d+),\s(\d+)\)/.exec(rgb)){r=parseInt(RegExp.$1,10);g=parseInt(RegExp.$2,10);b=parseInt(RegExp.$3,10);return[r/255,g/255,b/255];}return%20rgb;}function%20hslToCSS(hsl){return%20"hsl("+Math.round(hsl[0]*360)+",%20"+Math.round(hsl[1]*100)+"%,%20"+Math.round(hsl[2]*100)+"%)";}var%20props=["color","background-color","border-left-color","border-right-color","border-top-color","border-bottom-color"];var%20props2=["color","backgroundColor","borderLeftColor","borderRightColor","borderTopColor","borderBottomColor"];if(typeof%20getRGBColor(document.documentElement,"background-color")=="string")document.documentElement.style.backgroundColor="white";revl(document.documentElement);function%20revl(n){var%20i,x,color,hsl;if(n.nodeType==Node.ELEMENT_NODE){for(i=0;x=n.childNodes[i];++i)revl(x);for(i=0;x=props[i];++i){color=getRGBColor(n,x);if(typeof(color)!="string"){hsl=RGBtoHSL(color);hsl[2]=1-hsl[2];n.style[props2[i]]=hslToCSS(hsl);}}}}})() invert page lightness
+
+```
+javascript:(function(){function%20RGBtoHSL(RGBColor){with(Math){var%20R,G,B;var%20cMax,cMin;var%20sum,diff;var%20Rdelta,Gdelta,Bdelta;var%20H,L,S;R=RGBColor[0];G=RGBColor[1];B=RGBColor[2];cMax=max(max(R,G),B);cMin=min(min(R,G),B);sum=cMax+cMin;diff=cMax-cMin;L=sum/2;if(cMax==cMin){S=0;H=0;}else{if(L<=(1/2))S=diff/sum;else%20S=diff/(2-sum);Rdelta=R/6/diff;Gdelta=G/6/diff;Bdelta=B/6/diff;if(R==cMax)H=Gdelta-Bdelta;else%20if(G==cMax)H=(1/3)+Bdelta-Rdelta;else%20H=(2/3)+Rdelta-Gdelta;if(H<0)H+=1;if(H>1)H-=1;}return[H,S,L];}}function%20getRGBColor(node,prop){var%20rgb=getComputedStyle(node,null).getPropertyValue(prop);var%20r,g,b;if(/rgb\((\d+),\s(\d+),\s(\d+)\)/.exec(rgb)){r=parseInt(RegExp.$1,10);g=parseInt(RegExp.$2,10);b=parseInt(RegExp.$3,10);return[r/255,g/255,b/255];}return%20rgb;}function%20hslToCSS(hsl){return%20"hsl("+Math.round(hsl[0]*360)+",%20"+Math.round(hsl[1]*100)+"%,%20"+Math.round(hsl[2]*100)+"%)";}var%20props=["color","background-color","border-left-color","border-right-color","border-top-color","border-bottom-color"];var%20props2=["color","backgroundColor","borderLeftColor","borderRightColor","borderTopColor","borderBottomColor"];if(typeof%20getRGBColor(document.documentElement,"background-color")=="string")document.documentElement.style.backgroundColor="white";revl(document.documentElement);function%20revl(n){var%20i,x,color,hsl;if(n.nodeType==Node.ELEMENT_NODE){for(i=0;x=n.childNodes[i];++i)revl(x);for(i=0;x=props[i];++i){color=getRGBColor(n,x);if(typeof(color)!="string"){hsl=RGBtoHSL(color);hsl[2]=1-hsl[2];n.style[props2[i]]=hslToCSS(hsl);}}}}})()
+```
+
+## change tab title
+
+=> javascript:{document.title=prompt("new\x20title");void(0)} change current tab's title.
+```
+javascript:{document.title=prompt("new title");void(0)}
+```
+
+## linkify minetest
+
+this one converts the list at
+=> https://minetest.servers.net/
+to include minetest:// links for each server if you decide to write you own minetest:// support for your computer... I did.
+
+=> javascript:{a=document.getElementsByClassName("address");for(i=0;i<a.length;i++){if(a[i].children[0].title){c=a[i].children[0].title;d=a[i].children[0].innerHTML}else{c=a[i].children[0].innerHTML;d=c;}a[i].children[0].innerHTML='<a%20href="minetest://'+c+'">'+d+'</a>'}};void(0); don't bother clicking here, it won't do anything.
+bookmark this link first, then go to minetest.servers.net, THEN click the bookmarklet to get links in the server list. :)
+
+=> https://thebackupbox.net/~epoch/minetest.html (or just use the minetest server list I made)
+
+```
+javascript:{a=document.getElementsByClassName("address");for(i=0;i<a.length;i++){if(a[i].children[0].title){c=a[i].children[0].title;d=a[i].children[0].innerHTML}else{c=a[i].children[0].innerHTML;d=c;}a[i].children[0].innerHTML='<a%20href="minetest://'+c+'">'+d+'</a>'}};void(0);
+```
+
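
Review bot: In the linkify minetest bookmarklet, the address read from children[0].title or children[0].innerHTML is concatenated straight into innerHTML='<a%20href="minetest://'+c+'">', so a server entry containing a double quote or < closes the attribute and injects markup into the page, and the resulting link is what gets handed to the local minetest:// handler. Build the link with document.createElement("a"), set href and textContent on it, and swap it in for the child instead of assigning innerHTML. The same snippet assigns a, i, c and d without var, which leaks globals into whatever page it runs on. In the mastodon share bookmarklet, escape() is deprecated, leaves + unencoded and emits %uXXXX for non-Latin characters; encodeURIComponent(location.href) is the right call for a query value.
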
diff --git a/certs b/certs
new file mode 100644
index 0000000000000000000000000000000000000000..5fb56237d84501bec293a63d1faa1b815bad55f5
--- /dev/null
+++ b/certs
@@ -0,0 +1,43 @@
+# TLS/SSL cert recipes.
+
+I guess I'll put this into Makefile format.
+partially stolen from my letsencrypt repo.
+=> //git.thebackupbox.net/letsencrypt
+
+you'll want to replace my domain with your own domain.
+and if you use the acme-tiny part, you'll want to change the acme-dir to your own.
+
+## to make a new key
+```
+keys/%.key.pem:
+	openssl req -x509 -newkey rsa:4096 -keyout $@ -nodes
+```
+
+## to make self-signed certs with pre-existing keys
+```
+self-signed/%.crt: keys/%.key.pem
+	openssl req -x509 -key $< -out $@ -sha256 -days 365
+```
+
+these first two things should be all that you need for gemini.
+if you are interested in also getting your cert signed...
+
+## to make new cert signing request
+this line has a bit of extra stuff that goes with it...
+the config file contains sections where I put subjectAltName like:
+```
+[_https]
+subjectAltName=DNS:git.thebackupbox.net,DNS:www.thebackupbox.net
+```
+
+```
+csr/%.csr: keys/%.key.pem
+	openssl req -new -sha256 -key $< -subj "/CN=thebackupbox.net" -reqexts _$* -config openssl.cnf > $@
+```
+
+## to get acme-tiny to get our csr signed.
+```
+LE-signed/%.crt: csr/%.csr
+	./acme-tiny/acme_tiny.py --account-key keys/.account.key.pem --csr $< --acme-dir /var/www/sites/hacking/.well-known/acme-challenge > $@.tmp && mv -f $@.tmp $@ || rm $@.tmp
+
+```
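
Review bot: The keys/%.key.pem recipe, `openssl req -x509 -newkey rsa:4096 -keyout $@ -nodes`, does more than make a key: with no -out it prompts for a subject and writes a throwaway self-signed certificate to stdout, and -nodes leaves the private key unencrypted in a file created under the caller's umask. For a key-only target, `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out $@` run under `umask 077` does only that. In the LE-signed recipe, the trailing `|| rm $@.tmp` makes the rule exit 0 when acme_tiny.py fails, so make reports success with no certificate written; `|| { rm -f $@.tmp; exit 1; }` keeps the cleanup and the failure.
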
diff --git a/crypto b/crypto

index a57719fb0878f67235bc40c59c575c2bc5d59104..

index ..10404d5311271f171ea1cd9f77307b8ecdc655b0 100644

--- a/crypto
+++ b/crypto
@@ -106,6 +106,35 @@ ssb   cv25519/0xA21417EA02148649 2021-08-20 [E] [expires: 2031-08-18]
 ssb   ed25519/0xBFF7C81B266B6EAF 2021-08-20 [A] [expires: 2031-08-18]
 ```

+### update, Jan 16th 2023
+
+I did a small change to my computer so application/pgp-encrypted content-types
+are now opened by an appropriate external program. in my case, I'm passing to
+mimestart (one of my script) that then checks the config file for a pipeline
+to run on the filename passed to it, the pipeline then pops up a terminal
+that contains less -f <(gpg -d < %p). to get firefox to recognize this
+and launch this when I click on this type of file, I had to use xdg-stuff like:
+
+```
+xdg-mime query default application/pgp-encrypted
+xdg-mime default ~/.local/share/applications/application_pgp-encrypted.desktop application/pgp-encrypted
+```
+
+where application_pgp-encrypted.desktop (the filename isn't important) was a basic .desktop file like:
+```
+[Desktop Entry]
+Encoding=UTF-8
+Version=1.0
+Type=Application
+NoDisplay=true
+Exec=mimestart %F
+Name=mimestart
+Comment=mimestart
+Mimetype=application/pgp-encrypted
+```
+
+=> https://unix.stackexchange.com/questions/77136/xdg-open-default-applications-behavior a thing I read while figuring this out
+
 ## git commit signing

 ```
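
Review bot: In the .desktop example the last key is spelled `Mimetype=`; Desktop Entry keys are case-sensitive and the key is MimeType, with a semicolon-terminated list (`MimeType=application/pgp-encrypted;`), so as written the entry does not declare the type itself and only the explicit xdg-mime default call ties it to the handler. `Encoding=UTF-8` is deprecated in the spec and can be dropped. xdg-mime default is documented as taking the desktop file's name rather than a path, so the second command is worth rechecking against mimeapps.list. Since this makes a single click in the browser run gpg -d on the downloaded file and display the result, a sentence saying so next to the recipe would help anyone copying it.
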
diff --git a/firefox b/firefox

index 3ce9c0d86ce8d48301b302c8fc4f661034264b8f..

index ..26616b0007b711a9b4f07ff4c98ce2cfdeca49b8 100644

--- a/firefox
+++ b/firefox
@@ -48,3 +48,22 @@ and use xdg-mime to set a .desktop file as the handler
 ```
 xdg-mime default nemo.desktop inode/directory
 ```
+
+## more misc about:config changes
+
+to keep firefox from thinking your weird domain are searches. such as: zzz.i2p
+```
+keyword.enabled: false
+```
+
+I'm not sure wtf is up with this setting. poking it made stuff work when it wasn't.
+poking it again did the same thing.
+wtf?
+to keep onions from getting filtered like if you have a transparent proxy.
+```
+dom.securecontext.allowlist_onions: false
+```
+
+## some add-ons I use
+
+=> https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/
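
Review bot: The description attached to `dom.securecontext.allowlist_onions: false` does not match what that preference controls: it decides whether .onion origins are treated as secure contexts, and setting it to false removes that treatment. The preference that stops Firefox from refusing to resolve .onion names, which is what a transparent proxy setup needs, is network.dns.blockDotOnion. The "I'm not sure wtf is up with this setting" paragraph also sits above the sentence that introduces the setting, so it reads as if it were about keyword.enabled; move it below the code block. For keyword.enabled, note that false turns off address-bar searching entirely, not only for names like zzz.i2p. The add-ons link at the end has no label text.
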
diff --git a/index.cgi b/index.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..985e2a00135d3338046aac060df69423ce0ce625
--- /dev/null
+++ b/index.cgi
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+cd blog 2>&1 >/dev/null 2>&1
+
+if [ "${PATH_INFO}" ];then
+  case "$SERVER_PROTOCOL" in
+HTTP*)
+  printf "Status: 404 Not Found\r\n"
+  printf "Content-Type: text/plain\r\n\r\n"
+  printf "Dunno what you're talking about.\n"
+  exit 0
+  ;;
+gemini*)
+  printf "51 Not Found\r\n"
+  ;;
+*)
+  printf "wtf? gopher?"
+  ;;
+esac
+fi
+
+title='🤖 epoch'\''s "blog"'
+
+case "$SERVER_PROTOCOL" in
+
+HTTP*)
+	printf "Content-Type: text/html; charset=UTF-8\r\n\r\n"
+	printf '<html>\n'
+	printf '  <head>\n'
+	printf '    <title>%s</title>\n' "${title}"
+        printf '  </head>\n'
+        printf '  <body>\n'
+	printf '  <h1>%s</h1>\n' "${title}"
+	printf "<ul>\n"
+	find . -maxdepth 1 -type f \
+		| grep -v '^\./\.' \
+		| grep -v '\.cgi$' \
+		| sed 's|^./||g' \
+		| while read -r line;do
+			stat "$line" -c '<li><a href="%n"> %y - %n -- ' \
+				| cut '-d ' -f1-3,6- \
+				| sed 's|/blog/./|/blog/|g' \
+				| tr -d '\n'
+			grep -m1 '^#' "$line" \
+				| sed 's/^#* *//' \
+				| sed 's|$|</a></li>|g'
+		done \
+		| sort -rk 3
+	printf "</ul>\n"
+        printf '  </body>\n'
+        printf '</html>\n'
+;;
+gemini*)
+	printf "20 text/gemini\r\n"
+	printf '# %s\n' "${title}"
+	find . -maxdepth 1 -type f \
+		| grep -v '^\./\.' \
+		| grep -v '\.cgi$' \
+		| sed 's|^./||g' \
+		| while read -r line;do
+			stat "$line" -c '=> %n %y - %n -- ' \
+				| cut '-d ' -f1-3,6- \
+				| sed 's|/blog/./|/blog/|g' \
+				| tr -d '\n'
+			grep -m1 '^#' "$line" \
+				| sed 's/^#* *//'
+		done \
+		| sort -rk 3
+;;
+esac
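
Review bot: In the PATH_INFO block only the HTTP* branch calls exit 0; the gemini* and * branches fall through, so a gemini request with a path gets "51 Not Found" followed by a second "20 text/gemini" header and the full listing. Add exit to both branches. The first line, `cd blog 2>&1 >/dev/null 2>&1`, never checks the result, so if the directory is missing find lists whatever the CGI's working directory is; `cd blog 2>/dev/null || exit 1` (after emitting an error status) avoids that. In the HTTP listing, the file name from stat's %n and the heading line from grep are written into href="..." and the link text without HTML escaping, so a file whose name or first # line contains ", < or & injects markup into the index page; escape both before printing.
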
diff --git a/matrix b/matrix
new file mode 100644
index 0000000000000000000000000000000000000000..5280139d99fc0f9044b9aa3b14fe8c054d1482ee
--- /dev/null
+++ b/matrix
@@ -0,0 +1,7 @@
+# notes on matrix
+
+weechat-matrix to verify someone when they're using a new key
+
+```
+/olm verify @user:host
+```
diff --git a/object-verb-naming b/object-verb-naming
new file mode 100644
index 0000000000000000000000000000000000000000..11985636963e1aced1a40eddde332d66b9198406
--- /dev/null
+++ b/object-verb-naming
@@ -0,0 +1,29 @@
+# naming programs
+
+I like it when I can type a description of the input
+and then tab complete things that can do stuff with it.
+
+like...
+
+```
+cat image.png | png2pnm | pnm2sixel > image.sixel
+```
+
+I try to name my tools in this way.
+
+like, uricut, and html_entities_decode
+
+echo uri | uri[tab] will show all the tools that can do URI stuff.
+
+not all of my uri tools read from stdin though so...
+
+I don't know what a good way of naming is for things that use the argument
+of a certain type vs stdin of a certain type. maybe prefix with 's' for stream?
+like what sed is to ed.
+
+that's kind of messy though and doesn't adapt to what already exists with the
+netpbm tools.
+
+what's that one hard problem in computer science?
+
+naming things, right?
diff --git a/tlsa b/tlsa
new file mode 100644
index 0000000000000000000000000000000000000000..99c693de887679b2a6b6da99d08b5ca1b0456359
--- /dev/null
+++ b/tlsa
@@ -0,0 +1,36 @@
+# notes from poking DANE and TLSA stuff
+
+(thank you to tomasino for having cosmic.voyage use TLSA records)
+
+brandname openssl has some TLSA support
+
+```
+openssl s_client -connect cosmic.voyage:1965 -dane_tlsa_domain cosmic.voyage -dane_tlsa_rrdata "$(dig +short -t TLSA _1965._tcp.cosmic.voyage)"
+```
+
+there's a python script that will verify tlsa records for you.
+lot easier to use than the other two
+because it does its own DNS lookups.
+=> https://github.com/letoams/hash-slinger
+=> https://packages.debian.org/hash-slinger
+
+```
+tlsa --verify --port 1965 cosmic.voyage
+```
+
+there's another little tool that can do tlsa checking, this time in C.
+
+=> https://github.com/vdukhovni/ssl_dane
+
+## grab the cert...
+```
+echo | openssl s_client -connect cosmic.voyage:1965 | openssl x509 -out cosmic.cert
+```
+
+## I don't know what I'm doing. :D
+```
+LD_LIBRARY_PATH=. ./connected 3 1 sha256 cosmic.cert cosmic.cert 1965 cosmic.voyage
+```
+
+I'm not sure why this "works", but it is probably wrong. it isn't using the value from the TLSA record
+at all, just two copies of the cert.
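
Review bot: In the openssl s_client example, the value for -dane_tlsa_rrdata comes from a plain `dig +short -t TLSA _1965._tcp.cosmic.voyage`, which does no DNSSEC validation, so the DANE check ends up trusting whatever an unauthenticated DNS answer says and proves nothing about the certificate. Say that the lookup has to go through a validating resolver (check for the ad flag, or use dig +dnssec against one) before the result is fed to openssl. The command substitution is also passed as one quoted argument, so if the name has more than one TLSA record the newline-separated output lands in a single -dane_tlsa_rrdata option; s_client expects one option per record. For the last example, the closing remark that the TLSA value is not used at all is the important part and would read better directly above the command than after it.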

-- Page fetched on Sun Jun 2 12:42:26 2024