2020-07-04-i-wrote-this-three.gmi (12848B)
1 # I Wrote This #3 2 3 It appears I'm not that great at keeping a weekly schedule. Right after I published my last post, I started a class on text adventures and have been living and breathing in Inform7 ever since. I've also spent some time working on this site – though I've got even bigger changes coming in the future – learning a few new languages, and listening to a whole lot of music. I think something happened in cybersec too? Oh also I learned how to drive. 4 5 ## Interactive Fiction 6 7 These past few weeks, my main work has been on interactive fiction as part of a summer class for my school. The first week was spent learning the history of text adventures (as I will refer to them for the rest of the article, becuase calling them "interactive fiction" makes me sound like a dick). I gathered a collection of games to play in free time (if I ever have any more of that), from the very first of the genre – Adventure – to modern ones like Lost Pig. 8 9 In the second week, we all made our own text adventures. It was a really interesting experience – drastically different than any other programming I've done. The main thing I struggled with was the semi-NLP style of Inform7. Rather than telling the computer what to do, I felt like I was making suggestions. I also struggled with the editor a bit. Inform7 isn't open source, which means there's only one IDE you can use to program in the language. That would be fine if the IDE was high quality, but I often found it really bad and draining. This was made a little better after I changed the editor colors to be much more vibrant (so I wouldn't fall asleep), but I still felt like it needed some work. Regardless of any struggles along the way, the payoff after the game was finished was huge. Watching my little sister play a text adventure for the first time, one I had made, was awesome. 10 11 12 Without further ado, I present to you: 13 14 => /static/one-angry-wizard.gblorb One Angry Wizard, or the Tentacular Adventures of our Brave Hero through a World Most Strange and Foreign 15 => http://inform7.com/ Inform7 (text adventure ide) 16 => http://ccxvii.net/gargoyle/ Gargoyle (text adventure player) 17 18 ## Site Work 19 20 I made some changes that you guys can see, and some other ones behind the scenes. 21 22 ### Joining Webrings 23 24 I first encountered webrings on Hacker News, where I find most of my interesting internet things. From there, I decided to join both the geekring and the Hotline Webring – you can find links to the webrings on the homepage. Joining the Hotline Webring was designed to be supremely easy, but the geekring was a little more complicated. I've never been a big IRC person (though not for lack of trying), and I ended up joining via the HTML form and getting my key via email (I may or may not have confused my number with my private-ish key, and had to use a little bit of bfg magic to fix that). 25 26 => https://geekring.net/ geekring 27 => https://hotlinewebring.club/ Hotline Webring 28 29 ### Self-Hosting 30 31 My site was previously hosted using a continuous deploy on Netlify. This was a pretty great system for me – all I had to do was commit my code to the GitHub repo, which I was already doing, and then they would take care of everything and serve a great site – here's the kicker – for free. 32 33 This was working really well for me for a while, until I decided to add security headers to the site. I tried doing this in two different ways: using Helmet as described in the Sapper Docs and using Netlify _headers. The Helmet middleware didn't work with Netlify, and I'm honestly not sure why – possibly because of how they host the file server (I'm not sure what/how they server the site), or maybe I just f*cked up somewhere idk JavaScript is hard. Using the Netlify config didn't work either because I'm not a paying subscriber, which wasn't too clear at first. This would probably be solved if I just gave them money, but I'm not going to do that any time soon. 34 35 I decided to move to DigitalOcean and host the site myself (or I guess not totally myself – I don't feel comfortable running it on a Pi from my house just yet) with Caddy. I went with DigitalOcean partially because of their dev-focused business model, but mostly because they're cheap (my droplet is USD$5/month and I get $50 credit with them from the GitHub Student Developer Pack – my first year of hosting for only $10). 36 37 Unfortunately, I didn't quite run the transition too well. It definitely wasn't zero downtime – it was probably more like a-few-hours downtime. I doubt this really affected anyone because of my small audience, but I was still up late working on it. If it had happened a few days later, it might have gotten mixed up with the Cloudflare downtime (I don't use Cloudflare). 38 39 => https://techcrunch.com/2020/07/17/cloudflare-dns-goes-down-taking-a-large-piece-of-the-internet-with-it/ Cloudflare downtime 40 41 My current setup uses a custom CaddyServer configuration to serve my site, which I am absolutely loving so far: it is so much easier to run advanced setups with Caddy than Apache or Nginx. I wanted to move away from Javascript analytics (via GoatCounter) to log-based analytics (via GoAccess) but found that Caddy's structured logs are not supported natively. I'm hoping they'll add it soon though! 42 43 => https://github.com/allinurl/goaccess/issues/1768#issuecomment-646674023 Caddy support potentially coming to GoAccess... 44 45 ### Next Steps 46 47 I've got two major todos for my site in the near future. The first thing I want to do is Dockerize. Using Docker will significantly clean up my current setup, and allow me to host more fun things on the same machine (for example, my own analytics and maybe git). With that said, I probably should get a little better at Docker first... For beginners, Flavio Copes' has a few pretty great posts on the subject. 48 49 => https://flaviocopes.com/tags/docker/ Flavio Copes' Docker series 50 51 The second thing I want to do is a bit of a larger project, and one I'm not yet sure how I'm going to solve it. I've run into some problems with the frameworks I use to develop figbert.com. Sapper generates inline scripts and blobs, which tanks the security of my CSP. Their proposed solution is to inject nonces with JS middleware, but this doesn't work with CaddyServer. I would much rather Sapper avoid inline scripts altogether, but this doesn't seem likely. I really like the freedom that writing static sites in Svelte provides me versus other static site generators, but this could be a dealbreaker. I might talk a look at Routify and see if that's any better. 52 53 I've also been reconsidering using TailwindCSS, however useful it is, after reading some articles on the subject. I attempted to replicate the current look of figbert.com without TailwindCSS, and failed. So I'm probably going to rewrite the site again, though I'm not sure how. Through iteration, we will arrive at a stable version – this one, unfortunately, is not yet it. If I do leave Svelte, which is probably a 50/50 chance at this point, I would probably go either back to Hugo (with some variation of the incredible archie theme) or to Zola. 54 55 => https://www.roguelazer.com/2020/07/etcd-or-why-modern-software-makes-me-sad/ Etcd, or, why modern software makes me sad 56 => https://johanronsse.be/2020/07/08/why-youll-probably-regret-using-tailwind/ Why you'll probably regret using Tailwind 57 => https://gohugo.io/ Hugo 58 => https://github.com/athul/archie archie theme 59 => https://www.getzola.org/ Zola 60 61 ## Real World Updates 62 63 ### CyberSec 64 65 So, some pretty crazy things have happened. For one, Twitter got hacked by some people from OGUsers who got access to some internal managment tools. This hack, though not necessarily the most technical hack, was super high profile. There were a few really good articles written about the hack, but I also noticed a few people acting in ways that I thought were not appropriate. More specifically, Biran Krebs, who reacted to the hack by repeatedly doxxing the hackers, many of whom are still teenagers. He's received relatively little criticism for doing this, though it appears to be a pattern of behavior. 66 67 => https://techcrunch.com/2020/07/15/twitter-accounts-hacked-crypto-scam/ Techcrunch on the Twitter hack 68 => https://ogusers.com/ OGUsers 69 => https://fortenf.org/e/security/2020/07/15/twitter-hack.html No, you couldn't have made more money than the Twitter hacker 70 71 => https://krebsonsecurity.com/ Biran Krebs 72 => https://krebsonsecurity.com/2020/07/twitter-hacking-for-profit-and-the-lols/ Dox #1 73 => https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/ Dox #2 74 => https://news.ycombinator.com/item?id=23865035 Little criticism 75 => https://itwire.com/security/infosec-researchers-slam-ex-wapo-man-krebs-over-doxxing.html A pattern of behavior 76 77 There was also a brief mention of a new macOS malware, but judging by the lack of further publicity it's probably not that common in the wild. That, or people don't care because it's spread mainly through torrenting sites and they don't want to protect people they perceived to be morally below them – which is wrong, obviously. 78 79 => https://www.wired.com/story/new-mac-ransomware-thiefquest-evilquest/ Wired on macOS malware 80 81 ### Driving 82 83 I learned how to drive! Or rather, I got kind-of licensed to drive a car in the US. I've been driving around a lot lately as something fun I can do to pass time in quarantine, and last week I finished my online driver's ed course and got my learner's permit. It was a surprisingly simple and COVID-friendly process! The most complicated/least COVID-friendly part was going to the DMV to take the written test, but I wore a mask and gloves and glared at anybody who got remotely close to me. The next steps are much more dangerous to do during a pandemic, but we have a year to complete them so we're going to delay them (some in-person driver's training and the driver's test) for a bit. For now though, I have a piece of paper that says I can learn to drive! 84 85 ### Better Platforms 86 87 I've also taken some time to focus on decentralization. I've had a Mastodon account for a while, but I rarely used it. I didn't have a mobile client, and I almost never use social media on my computers. To help change my behaviour I downloaded Mast, a paid Mastodon client for the Apple ecosystem. I went with Mast mostly because it's gorgeous – and open source – which is something I value in the apps I use. Apps that look really nice are fantastic inspiration for my own apps' designs, and this one is no exception. 88 89 => https://fosstodon.org/@figbert Mastodon account 90 => https://apps.apple.com/us/app/mast/id1437429129 Mast on the App Store 91 => https://github.com/tiagomartinho/Mast2 Mast source on Github 92 93 I've also started using three other apps much more heavily recently: Feedly, Octal, and Element. Feedly is a fantastic RSS reader, which helps me keep track of all the interesting blogs that I find online (I read somewhere about self-hosting an RSS reader, which sounds pretty cool, but I forget what it was called). Octal is a HN client for iOS, which is really handy for keeping up with my favorite tech news when I'm away from my computer. Element (previously Riot), is the first-party Matrix client that makes using a decentralized E2EE chat service feel better than Discord. I love it. In an ideal world where I could choose the tools I use to communicate with people, I would only use Signal and Element/Matrix (for replacing iMessage and Discord/Slack, respectively). 94 95 => https://feedly.com/ Feedly 96 => https://apps.apple.com/us/app/octal/id1308885491 Octal 97 => https://element.io/ Element 98 => https://matrix.org/ Matrix 99 100 ### Music 101 102 Oh my god there's so much new music. 103 104 * Jonny by Bar Tsabari 105 * Kukuriku by Eden Ben Zaken and Omer Adam 106 * Ta'azri et Atzmech by Dekel Vaknin 107 * Sivuvim by Eden Hason 108 * Lecha Dodi by Moshe Peretz and others 109 * Haravot BaPita (Album) by Peled 110 * Magevet BaAvir by Noroz 111 * Nadav_15 by Shekel 112 * Moshe by Narkis and Miri Mesikah 113 * Tik Tok by Mohamed Ramadan and Super Sako 114 * Aliyato VeNiflato Shel Shem Tov Hevi by Tamir Bar 115 * Falafel Pop (Album) by Quarter to Africa 116 * Lama Kacha Atzuva by Idan Raichel and Stav Beger 117 * Kapara by Kevin Robin and Rotem Cohen 118 * Ehad HaAm by Aya Zahavi Fayglin 119 120 ## Wrapup 121 122 I hope you enjoyed reading this update! I know it's much longer than usual, and I'll try and keep them shorter than this from now on. I plan on uploaded more short, topic-focused articles rather than just updates, but those will come soon. For now though, I need to focus on knocking out some of the larger projects that I'm working on. I keep finding cool and interesting things to do, and I need to work on finishing the ones that I've already started! 123 124 Salamat, 125 FIGBERT 126